Описание
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| node-pbkdf2 | fixed | 3.1.3+~3.1.2-1 | package | |
| node-pbkdf2 | no-dsa | trixie | package | |
| node-pbkdf2 | no-dsa | bookworm | package | |
| node-pbkdf2 | postponed | bullseye | package |
Примечания
https://github.com/browserify/pbkdf2/security/advisories/GHSA-h7cp-r72f-jxh6
Introduced by: https://github.com/browserify/pbkdf2/commit/9699045c37a07f8319cfb8d44e2ff4252d7a7078 (v3.0.10)
Fixed by: https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bb (v3.1.3)
EPSS
Связанные уязвимости
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.
pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos
Уязвимость библиотеки pbkdf2 программной платформы Node.js, связанная с недостатками механизма проверки входных данных, позволяющая нарушителю подделать цифровую подпись
EPSS