Количество 2
Количество 2
CVE-2023-46943
An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application.
GHSA-32r3-57hp-cgfw
EverShop at risk to unauthorized access via weak HMAC secret
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-46943 An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application. | CVSS3: 9.1 | 0% Низкий | около 2 лет назад |
| GHSA-32r3-57hp-cgfw EverShop at risk to unauthorized access via weak HMAC secret | CVSS3: 7.4 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу