VYPR

npm package

@fastify/passport

pkg:npm/%40fastify/passport

Vulnerabilities (2)

  • CVE-2023-29020Apr 21, 2023
    affected < 1.1.0fixed 1.1.0

    @fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forger) protection enforced by the `@fastify/csrf-protection` library, when combined with `@fastify/passport` in affected versions, can be bypassed by network an

  • CVE-2023-29019Apr 21, 2023
    affected < 1.1.0fixed 1.1.0

    @fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using `@fastify/passport` in affected versions for user authentication, in combination with `@fastify/session` as the underlying session management mechanism, are vulnerable to