CNNVD-202511-2352 Information

CNNVD ID

CNNVD-202511-2352

Related CVE

CVE-2025-60794

• CNNVD Published: 2025-11-20

Description (Chinese)

CouchAuth是Perfood开源的一个身份验证API。 CouchAuth 0.21.2版本存在安全漏洞，该漏洞源于会话令牌和密码存储在JavaScript对象中且未明确清除，可能导致敏感数据泄露和会话劫持。

Description (English)

CouchAuth is an identification API from Perfood open source. There is a security loophole in the CouchAuth 0.21.2 version, which originates in and is not explicitly removed from JavaScript objects and can lead to sensitive data leaks and hijackings.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Perfood

Published

2025-11-20

Last Modified

2026-02-24

References

https://github.com/perfood/couch-auth https://github.com/pr0wl1ng/security-advisories/blob/main/CVE-2025-60794.md https://www.npmjs.com/package/@perfood/couch-auth https://access.redhat.com/security/cve/cve-2025-60794

Patch

https://github.com/perfood/couch-auth/releases