CVE-2025-60794

Medium CVSS: 6.5

Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of opportunity for sensitive data extraction through memory dumps, debugging tools, or other memory access techniques, potentially leading to session hijacking.

Vendor

Perfood

Product

Couchauth

CWE

CWE-316

Yayın Tarihi

2025-11-20 15:17:37

Güncelleme

2025-12-12 15:34:10

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-316 Couchauth MEDIUM Perfood 2025

Referanslar

https://github.com/perfood/couch-auth https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60794.md https://www.npmjs.com/package/@perfood/couch-auth