CVE-2015-9238

Опубликовано: 31 мая 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length.

Ссылки

https://github.com/vdemedes/secure-compare/pull/1
Third Party Advisory
https://nodesecurity.io/advisories/50
Third Party Advisory
https://github.com/vdemedes/secure-compare/pull/1
Third Party Advisory
https://nodesecurity.io/advisories/50
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:secure-compare_project:secure-compare:*:*:*:*:*:node.js:*:*

Версия до 3.0.1 (исключая)

EPSS

Процентиль: 44%

0.00217

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-697

CWE-134

Связанные уязвимости

GHSA-h9x2-5rm7-x4gm

github

больше 6 лет назад

Insecure Comparison in secure-compare