Description
Insufficient Session Expiration in @cyyynthia/tokenize
Impact
A bug introduced in version 1.1.0 made Tokenize generate faulty tokens with NaN as a generation date. As a result, tokens would not properly expire and would remain valid regardless of the lastTokenReset field.
Patches
Version 1.1.3 contains a patch that'll invalidate these faulty tokens and make new ones behave as expected.
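Why a NaN generation date defeats a lastTokenReset comparison, and a check that fails closed instead, shown as an added example that is not the @cyyynthia/tokenize source. The payload layout, the function names and the sample values are assumptions, and signature verification is assumed to have already succeeded.

```javascript
// Added illustration; NOT the @cyyynthia/tokenize source. The payload layout
// and all function names are assumptions. Signature verification is assumed
// to have already succeeded and is left out to keep the focus on the date.

// Hypothetical payload: "<accountId>.<generation date in seconds>"
function issue(accountId, generatedAt) {
  return `${accountId}.${generatedAt}`;
}

function parse(token) {
  const parts = token.split('.');
  if (parts.length !== 2 || parts[0] === '') return null;
  return { accountId: parts[0], generatedAt: Number(parts[1]) };
}

// Weak check: rejects only tokens that compare as older than the reset.
// Every ordered comparison with NaN is false, so a NaN date is never "older".
function validateWeak(token, account) {
  const t = parse(token);
  if (!t || t.accountId !== account.id) return false;
  if (t.generatedAt < account.lastTokenReset) return false; // revoked
  return true;
}

// Hardened check: a date that is not a finite number fails closed, then the
// same revocation comparison applies.
function validateStrict(token, account) {
  const t = parse(token);
  if (!t || t.accountId !== account.id) return false;
  if (!Number.isFinite(t.generatedAt)) return false; // faulty token
  return t.generatedAt >= account.lastTokenReset;
}

// Constructed sample data.
const account = { id: '42', lastTokenReset: 5000 };
const faulty = issue('42', NaN);   // minted with NaN as generation date
const stale = issue('42', 1000);   // minted before the reset
const fresh = issue('42', 6000);   // minted after the reset

function demo() {
  return [faulty, stale, fresh].map((tok) => ({
    token: tok,
    weak: validateWeak(tok, account),
    strict: validateStrict(tok, account),
  }));
}

console.table(demo());
```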
Workarounds
None. Tokens do not hold the necessary information to perform invalidation anymore.
References
PR #1
For more information
If you have any questions or comments about this advisory:
- Open an issue in github.com/cyyynthia/tokenize
- Email us at cynthia@cynthia.dev
Packages
Name: @cyyynthia/tokenize (npm)
Affected versions: >= 1.1.0, < 1.1.3
Fixed version: 1.1.3
Weaknesses
CWE-613