@fastify/session is a session plugin for fastify. It requires the @fastify/cookie plugin. When restoring the cookie from the session store, the `expires` field is overridden if the `maxAge` field was set.
This means a cookie is never correctly detected as expired, and thus expired sessions are not destroyed. This vulnerability has been patched in 10.8.0.
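The following is an added, simplified model of the flaw described above, shown beside a corrected restore; it is not the plugin's source code. The function names, the `Map`-based store and the timestamps are all constructed assumptions.

```javascript
// Simplified model only: names and store layout are hypothetical,
// not taken from @fastify/session.
const MAX_AGE_MS = 60_000; // constructed: one-minute session lifetime

// Constructed stored record: session created at t=0, so it expires at t=60s.
function storedRecord() {
  return { cookie: { maxAge: MAX_AGE_MS, expires: new Date(MAX_AGE_MS).toISOString() } };
}

// Flawed restore: because maxAge is set, the stored expiry is overridden
// with "now + maxAge", so the restored cookie always looks fresh.
function restoreVulnerable(record, now) {
  const cookie = { ...record.cookie, expires: new Date(record.cookie.expires) };
  if (cookie.maxAge != null) {
    cookie.expires = new Date(now + cookie.maxAge);
  }
  return cookie;
}

// Corrected restore: the expiry written to the store is kept as-is.
function restorePatched(record) {
  return { ...record.cookie, expires: new Date(record.cookie.expires) };
}

function isExpired(cookie, now) {
  return cookie.expires != null && cookie.expires.getTime() <= now;
}

// Load path: an expired session is destroyed instead of being returned.
function loadSession(store, id, restore, now) {
  const record = store.get(id);
  if (!record) return null;
  const cookie = restore(record, now);
  if (isExpired(cookie, now)) {
    store.delete(id);
    return null;
  }
  return { id, cookie };
}

// Ten minutes after creation the session should be gone.
const demoNow = 10 * MAX_AGE_MS;
for (const [label, restore] of [["vulnerable", restoreVulnerable], ["patched", restorePatched]]) {
  const store = new Map([["sid", storedRecord()]]);
  const session = loadSession(store, "sid", restore, demoNow);
  console.log(label, "-> session returned:", session !== null, "| still in store:", store.has("sid"));
}
```

A regression test for an upgrade to 10.8.0 can follow the same shape: write a session, advance the clock past `maxAge`, and check that the load path rejects it and removes it from the store.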
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-05-21T20:26:53.312Z
Updated: 2024-08-02T03:07:46.810Z
Reserved: 2024-05-14T15:39:41.783Z
Link: CVE-2024-35220
Vulnrichment
Updated: 2024-08-02T03:07:46.810Z
NVD
Status: Awaiting Analysis
Published: 2024-05-21T21:15:08.117
Modified: 2024-11-21T09:19:57.883
Link: CVE-2024-35220