exploitDog

CVE-2025-60794

Опубликовано: 20 нояб. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access techniques, potentially leading to session hijacking.

Ссылки

https://github.com/perfood/couch-auth
Product
https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60794.md
Third Party Advisory
https://www.npmjs.com/package/@perfood/couch-auth
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:perfood:couchauth:*:*:*:*:*:node.js:*:*

Версия до 0.21.2 (включая)

EPSS

Процентиль: 6%

0.00023

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-316

Связанные уязвимости

GHSA-62vx-hpcr-m9ch

github

3 месяца назад

@perfood/couch-auth may expose session tokens, passwords

EPSS

Процентиль: 6%

0.00023

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-316