VYPR

npm package

passport-cognito

pkg:npm/passport-cognito

Vulnerabilities (1)

  • CVE-2019-19723criSep 4, 2020
    affected >= 0.0.0

    All versions of `passport-cognito` are vulnerable to Improper Authorization. The package fails to properly scope the variables containing authorization information, such as access token, refresh token and ID token. This causes a race condition where simultaneous authenticated use