Insufficient Session Expiration Affecting @cyyynthia/tokenize package, versions <1.1.3
Snyk CVSS
Attack Complexity
Low
Confidentiality
High
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-CYYYNTHIATOKENIZE-1915381
- published 11 Nov 2021
- disclosed 10 Nov 2021
- credit William Wang
How to fix?
Upgrade @cyyynthia/tokenize to version 1.1.3 or higher.
Overview
@cyyynthia/tokenize is an A universal token format for authentication. Designed to be secure, flexible, and usable anywhere.
Affected versions of this package are vulnerable to Insufficient Session Expiration which generate faulty tokens with NaN as a generation date. As a result, tokens would not properly expire and remain valid regardless of the lastTokenReset field.