GMS-2020-255: Authentication Bypass in express-laravel-passport
(updated )
All versions of express-laravel-passport
are vulnerable to an Authentication Bypass. The package fails to properly validate JWTs, allowing attackers to send HTTP requests impersonating other users. Upgrade to or later.
References
Detect and mitigate GMS-2020-255 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →