GHSA-cpfx-964w-4jvp

Published: 11 Feb 2025
Source: github
Github: Reviewed
CVSS3: 8.1

Description

Authentication bypass in @sap/approuter

The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code, an attacker can steal the session of the victim by injecting malicious payload, causing High impact on confidentiality and integrity of the application.

Packages

Name: @sap/approuter (npm)
Affected versions: >= 2.6.1, < 16.7.2
Fixed version: 16.7.2

EPSS

Percentile: 39%
0.00174
Low

8.1 High

CVSS3

Weaknesses

CWE-601

Related vulnerabilities

CVSS3: 8.1
nvd
12 months ago

The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the victim by injecting malicious payload causing High impact on confidentiality and integrity of the application

EPSS

Percentile: 39%
0.00174
Low

8.1 High

CVSS3

Weaknesses

CWE-601