Описание
Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.
Ссылки
- Issue TrackingThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Issue TrackingThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.6 (исключая)
cpe:2.3:a:cookie-signature_project:cookie-signature:*:*:*:*:*:node.js:*:*
Конфигурация 2
Одно из
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00539
Низкий
4.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-362
Связанные уязвимости
CVSS3: 4.4
ubuntu
около 6 лет назад
Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.
CVSS3: 5.4
redhat
больше 11 лет назад
Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.
CVSS3: 4.4
debian
около 6 лет назад
Node-cookie-signature before 1.0.6 is affected by a timing attack due ...
EPSS
Процентиль: 67%
0.00539
Низкий
4.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-362