Couchauth
1 CVEs
product
Monthly
Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Couchauth
NVD
GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-60794
EPSS 0%
CVSS 6.5
MEDIUM
This Month
Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Couchauth
NVD
GitHub