exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 2

CVE-2021-41246

около 4 лет назад

Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` do not regenerate the session id and session cookie when user logs in. This behavior opens up the application to various session fixation vulnerabilities. Versions `2.5.2` contains a patch for this issue.

CVSS3: 4.6

EPSS: Низкий

GHSA-7rg2-qxmf-hhx9

около 4 лет назад

Session fixation in express-openid-connect

CVSS3: 4.6

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	CVE-2021-41246 Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` do not regenerate the session id and session cookie when user logs in. This behavior opens up the application to various session fixation vulnerabilities. Versions `2.5.2` contains a patch for this issue.	CVSS3: 4.6	0% Низкий	около 4 лет назад
	GHSA-7rg2-qxmf-hhx9 Session fixation in express-openid-connect	CVSS3: 4.6	0% Низкий	около 4 лет назад

Уязвимостей на страницу