1.1.2
6 years ago
6 years ago
Known vulnerabilities in the express-laravel-passport package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
express-laravel-passport is a small middleware support getting user_id from Bearer header with laravel structure database Affected versions of this package are vulnerable to Improper Authentication. The module defined to handle authentication but does not validate the JWT token sent by the user. Therefore it allows modifying payload within the token. It provides an opportunity to forge the user's identity by changing the information inside the token's payload that is used to authenticate the client. How to fix Improper Authentication? There is no fixed version for | * |