CVSS Score: -

Basic Information
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: CWE-384
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| passport | npm | < 0.6.0 | 0.6.0 |
The vulnerability (CWE-384, session fixation) stems from passport not rotating the session identifier on login and logout. The GitHub commit shows that `logIn` was patched to call `req.session.regenerate()` before the authenticated user is written into the session, which means versions before 0.6.0 carried the pre-authentication session ID across login: an attacker who can get a victim to use a session ID the attacker already knows (for example by planting a session cookie) ends up holding an authenticated session once the victim logs in. The provided diff does not show the corresponding change to `logOut`, but the advisory states both actions were affected and the PR description confirms that session regeneration was also added for logout; the `logOut` assessment is therefore medium confidence, reflecting only partial visibility into that function's changes. When upgrading, confirm the fix in your own deployment by checking that the session cookie value issued after a login request differs from the one issued before it, and note that regeneration starts from an empty session, so anything the application stored before login (a return-to URL, for instance) is lost unless it is carried over explicitly; passport 0.6.0 exposes a `keepSessionInfo` option on `logIn()`/`logOut()` for that purpose.