Published: Sep 30, 2024
Source: github
Github: Reviewed
CVSS4: 8.7
CVSS3: 7.5
Description
basic-auth-connect's callback uses time unsafe string comparison
Impact
basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information.
Patches
This issue has been fixed in basic-auth-connect 1.1.0.
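For code that performs its own Basic Auth check, the following added example (not taken from basic-auth-connect or from this advisory) contrasts an ordinary equality comparison with a constant-time one built on Node's `crypto.timingSafeEqual`. The function names, the HMAC-before-compare approach and the sample credentials are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Decode "Basic base64(user:pass)"; returns null on malformed input.
function parseBasic(header) {
  const m = /^Basic ([A-Za-z0-9+/=]+)$/.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const i = decoded.indexOf(':');
  if (i < 0) return null;
  // Only the first colon separates user from password.
  return { user: decoded.slice(0, i), pass: decoded.slice(i + 1) };
}

// Timing-unsafe: === may return as soon as the first differing
// character is found, so run time depends on the matching prefix.
function unsafeEqual(a, b) {
  return a === b;
}

// Random per-process key (hypothetical helper state, not a shared secret).
const hmacKey = crypto.randomBytes(32);

// HMAC both values so the buffers always have equal length
// (timingSafeEqual throws on a length mismatch), then compare
// the digests in constant time.
function safeEqual(a, b) {
  const ha = crypto.createHmac('sha256', hmacKey).update(String(a)).digest();
  const hb = crypto.createHmac('sha256', hmacKey).update(String(b)).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Evaluate both fields before combining the results, so a wrong
// user name does not skip the password comparison.
function checkCredentials(header, expectedUser, expectedPass) {
  const creds = parseBasic(header);
  if (!creds) return false;
  const userOk = safeEqual(creds.user, expectedUser);
  const passOk = safeEqual(creds.pass, expectedPass);
  return userOk && passOk;
}

// Constructed sample header for user "admin", password "s3cret-example".
const sampleHeader =
  'Basic ' + Buffer.from('admin:s3cret-example').toString('base64');
```
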
References
Packages
Name: basic-auth-connect (npm)
Affected versions: < 1.1.0
Fixed version: 1.1.0
Related vulnerabilities
CVSS3: 5.3
redhat
more than 1 year ago
basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0.
CVSS3: 5.3
nvd
more than 1 year ago
basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0.