CVE-2019-19723

Name of the Vulnerable Software and Affected Versions passport-cognito versions all

Description The issue is related to Improper Authorization. The package fails to properly scope variables containing authorization information, such as access token, refresh token, and ID token. This causes a race condition where simultaneous authenticated users may receive authorization tokens for a different user, allowing a user to take actions on another user's behalf.

Recommendations Consider using an alternative package until a fix is made available.