express-laravel-passport@1.0.2 vulnerabilities

Small middleware support getting user_id from Bearer header with laravel structure database

Direct Vulnerabilities

Known vulnerabilities in the express-laravel-passport package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
Improper Authentication

express-laravel-passport is a small middleware support getting user_id from Bearer header with laravel structure database

Affected versions of this package are vulnerable to Improper Authentication. The module defined to handle authentication but does not validate the JWT token sent by the user. Therefore it allows modifying payload within the token. It provides an opportunity to forge the user's identity by changing the information inside the token's payload that is used to authenticate the client.

How to fix Improper Authentication?

There is no fixed version for express-laravel-passport.

*