Lucene search
Veracode Vulnerability DatabaseVERACODE:33239HistoryDec 10, 2021 - 7:57 a.m.
Session Fixation
2021-12-1007:57:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.002 Low
EPSS
Percentile
60.2%
express-openid-connect is vulnerable to session fixation. The attack exists because the library does not regenerate the session id and cookie when user logs in, allowing a malicious user to hijack the session using earlier generated cookies.
| CPE | Name | Operator | Version |
|---|---|---|---|
| express-openid-connect | le | 2.5.1 | |
| express-openid-connect | le | 2.5.1 |
Related
cve
cve
CVE-2021-41246
2021-12-09 16:15:08
cvelist
cvelist
CVE-2021-41246 Session fixation in express-openid-connect
2021-12-09 15:55:10
github
github
Session fixation in express-openid-connect
2021-12-09 19:08:58
osv
osv
CVE-2021-41246
2021-12-09 16:15:08
Session fixation in express-openid-connect
2021-12-09 19:08:58
nvd
nvd
CVE-2021-41246
2021-12-09 16:15:08
prion
prion
Session fixation
2021-12-09 16:15:00