Moderate severityNVD Advisory· Published Nov 20, 2025· Updated Nov 20, 2025
CVE-2025-60794
CVE-2025-60794
Description
Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access techniques, potentially leading to session hijacking.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@perfood/couch-authnpm | <= 0.21.2 | — |
Affected products
2- couch-auth/couch-authdescription
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.