bnoguchi / everyauth

node.js auth package (password, facebook, & more) for Connect and Express apps
http://everyauth.com/
3.49k stars 447 forks

Security vulnerability on Connect is present in Everyauth #463

Closed giggio closed 10 years ago

giggio commented 10 years ago

It seems that Connect versions < 2.8.1 suffer from an XSS vulnerability: http://osdir.com/ml/general/2014-04/msg22253.html

The current version of Everyauth (0.4.6) depends on Connect 2.3.x. Would you please update the dependency?
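One way to check whether an application still pulls in an affected Connect through Everyauth, as an added example that is not part of the original thread or the everyauth project: it walks a tree in the shape of `npm ls --json` output and reports every dependency path to a `connect` copy below 2.8.1. The sample tree, the function names and the `2.3.9` version (standing in for "2.3.x") are constructed for illustration.

```javascript
// Added example: audit an `npm ls --json`-style tree for Connect copies older
// than 2.8.1, the threshold stated in the issue above.
const FIXED = [2, 8, 1];
const TARGET = 'connect';

// Parse "2.3.9" into [major, minor, patch]; returns null if malformed.
// Pre-release suffixes are ignored in this sketch.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v || ''));
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when version a sorts strictly below version b.
function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Walk the tree depth-first, recording every dependency path to a flagged copy.
// A compliant top-level connect does not hide an old copy nested under another package.
function findOldConnect(node, path = [node.name], hits = []) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = path.concat(`${name}@${dep.version}`);
    if (name === TARGET) {
      const parsed = parseVersion(dep.version);
      // Unparseable versions are reported too, so they get a manual look.
      if (!parsed || isBelow(parsed, FIXED)) hits.push(here.join(' > '));
    }
    findOldConnect(dep, here, hits);
  }
  return hits;
}

// Constructed sample tree (not real `npm ls` output).
const sampleTree = {
  name: 'my-app',
  dependencies: {
    connect: { version: '2.8.1' },
    everyauth: {
      version: '0.4.6',
      dependencies: { connect: { version: '2.3.9' } },
    },
  },
};

console.log(findOldConnect(sampleTree));
```

To run it against a real project, replace `sampleTree` with the parsed output of `npm ls --json`.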

ibash commented 10 years ago

@giggio in the meantime, make a clone and bump the version, or use ours: github.com/Datahero/everyauth.

giggio commented 10 years ago

@ibash What repo is this at Datahero? It seems to be running months parallel to this one.

ibash commented 10 years ago

Just something we use, has a few extra modules and minor tweaks here and there.