npm package
@fastify/passport
pkg:npm/%40fastify/passport
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-29020 | — | < 1.1.0 | 1.1.0 | Apr 21, 2023 | @fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forger) protection enforced by the `@fastify/csrf-protection` library, when combined with `@fastify/passport` in affected versions, can be bypassed by network an | ||
| CVE-2023-29019 | — | < 1.1.0 | 1.1.0 | Apr 21, 2023 | @fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using `@fastify/passport` in affected versions for user authentication, in combination with `@fastify/session` as the underlying session management mechanism, are vulnerable to |
- CVE-2023-29020Apr 21, 2023affected < 1.1.0fixed 1.1.0
@fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forger) protection enforced by the `@fastify/csrf-protection` library, when combined with `@fastify/passport` in affected versions, can be bypassed by network an
- CVE-2023-29019Apr 21, 2023affected < 1.1.0fixed 1.1.0
@fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using `@fastify/passport` in affected versions for user authentication, in combination with `@fastify/session` as the underlying session management mechanism, are vulnerable to