CVE-2025-60794

Published
View on NVD ↗
CVSS v3
6.5
MEDIUM
CVSS v2
N/A
Affected
3
PROJECTS

Description

Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access techniques, potentially leading to session hijacking.

pr0wl1ng/security-advisories
pr0wl1ng/security-advisories
GitHubGitHub
perfood/couch-auth
perfood/couch-auth
Powerful authentication for APIs and apps using CouchDB (or Cloudant) with Node >= 14
GitHubGitHub
78
@perfood/couch-auth
@perfood/couch-auth
Easy and secure authentication for CouchDB/Cloudant. Based on SuperLogin, updated and rewritten in Typescript.
NPMNPM