Описание
Authentication Bypass in express-laravel-passport
All versions of express-laravel-passport are vulnerable to an Authentication Bypass. The package fails to properly validate JWTs, allowing attackers to send HTTP requests impersonating other users.
Recommendation
Upgrade to version 2.0.5 or later.
Пакеты
Наименование
express-laravel-passport
npm
Затронутые версииВерсия исправления
>= 0.0.0
Отсутствует
Дефекты
CWE-287
Дефекты
CWE-287