Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2NnAtdzdxeC13djk4

Authentication Bypass in express-laravel-passport

All versions of express-laravel-passport are vulnerable to an Authentication Bypass. The package fails to properly validate JWTs, allowing attackers to send HTTP requests impersonating other users.

Recommendation

Upgrade to version 2.0.5 or later.

Permalink: https://github.com/advisories/GHSA-v66p-w7qx-wv98
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2NnAtdzdxeC13djk4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 3 years ago
Updated: over 1 year ago

Identifiers: GHSA-v66p-w7qx-wv98
References:

Blast Radius: 0.0

Affected Packages

npm:express-laravel-passport

Dependent packages: 1
Dependent repositories: 1
Downloads: 12 last month
Affected Version Ranges: >= 0.0.0
No known fixed version
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.1.0, 1.1.2