Security Advisory

CVE-2021-41246

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-12-09 15:55:10
Last updated 2024-08-04 03:08:31
Assigner GitHub_M
State PUBLISHED

Description

Express OpenID Connect is Express.js middleware implementing sign-on for Express web apps using OpenID Connect. Versions up to and including `2.5.1` do not regenerate the session id and session cookie when a user logs in. This behavior opens up the application to various session fixation vulnerabilities. Version `2.5.2` contains a patch for this issue.