Skip to main content

Couchauth

2 CVEs product

Monthly

CVE-2025-60794 npm MEDIUM This Month

Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchauth
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2023-39655 npm CRITICAL Act Now

A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Couchauth
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
EPSS 0% CVSS 6.5
MEDIUM This Month

Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchauth
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL Act Now

A host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Couchauth
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy