Impact
A bug introduced in version 1.1.0 made Tokenize generate faulty tokens with NaN as a generation date. As a result, tokens would not properly expire and remain valid regardless of the lastTokenReset field.
Patches
Version 1.1.3 contains a patch that'll invalidate these faulty tokens and make new ones behave as expected.
Workarounds
None. Tokens do not hold the necessary information to perform invalidation anymore.
References
PR #1
For more information
If you have any questions or comments about this advisory:
References
williamwa Analyst
Impact
A bug introduced in version 1.1.0 made Tokenize generate faulty tokens with NaN as a generation date. As a result, tokens would not properly expire and remain valid regardless of the
lastTokenResetfield.Patches
Version 1.1.3 contains a patch that'll invalidate these faulty tokens and make new ones behave as expected.
Workarounds
None. Tokens do not hold the necessary information to perform invalidation anymore.
References
PR #1
For more information
If you have any questions or comments about this advisory:
References