@fastify/secure-session@5.2.0 vulnerabilities

Create a secure stateless cookie session for Fastify

Direct Vulnerabilities

Known vulnerabilities in the @fastify/secure-session package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Insufficient Session Expiration

@fastify/secure-session is a Create a secure stateless cookie session for Fastify

Affected versions of this package are vulnerable to Insufficient Session Expiration due to the session removal process. Specifically, in the delete function, when a session is deleted, it is marked for deletion. However, if an attacker could gain access to the cookie, they could continue using it indefinitely.

How to fix Insufficient Session Expiration?

Upgrade @fastify/secure-session to version 7.3.0 or higher.

<7.3.0