Описание
basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0.
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.0 (исключая)
cpe:2.3:a:expressjs:basic-auth-connect:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 34%
0.00132
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-208
NVD-CWE-Other
Связанные уязвимости
CVSS3: 5.3
redhat
больше 1 года назад
basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0.
CVSS3: 7.5
github
больше 1 года назад
basic-auth-connect's callback uses time unsafe string comparison
EPSS
Процентиль: 34%
0.00132
Низкий
5.3 Medium
CVSS3
Дефекты
CWE-208
NVD-CWE-Other