CVE-2021-41246

Published
View on NVD ↗
CVSS v3
4.6
MEDIUM
CVSS v2
6.8
MEDIUM
Affected
1
PROJECT

Description

Express OpenID Connect is express JS middleware implementing sign on for Express web apps using OpenID Connect. Versions before and including `2.5.1` do not regenerate the session id and session cookie when user logs in. This behavior opens up the application to various session fixation vulnerabilities. Versions `2.5.2` contains a patch for this issue.

auth0/express-openid-connect
auth0/express-openid-connect
An Express.js middleware to protect OpenID Connect web applications.
GitHubGitHub
514