Homepage

authmagic-timerange-stateless-core@0.0.5 vulnerabilities

  • latest version

    0.0.13

  • first published

    6 years ago

  • latest version published

    3 years ago

  • licenses detected

  • View authmagic-timerange-stateless-core package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the authmagic-timerange-stateless-core package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Improper Authentication

    authmagic-timerange-stateless-core is a

    Affected versions of this package are vulnerable to Improper Authentication. The module is defined to handle authentication but does not validate the JWT token sent by the user when reissuing a new token (POST request to /token endpoint). Therefore it allows modifying payload within the token and also reissuing new token which will be signed by the system and become valid. This weakness provides an opportunity to forge the user's identity by changing the information inside the token's payload that is used to authenticate the client

    How to fix Improper Authentication?

    There is no fixed version for authmagic-timerange-stateless-core.

    *
    Go back to all versions of this package