@5ht/express (>=1.0.6 <=2.2.0), @audius/sdk (>=0.0.3 <=7.1.1) +7 more potentially affected by CVE-2025-9287 via cipher-base (=1.0.4)

cipher-base NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on cipher-base and may be impacted: - @5ht/express =1.0.6, =0.0.3, =6.0.4, =1.0.1, =1.5.2-beta.1, =1.0.0, =1.0.0, =0.2.0-beta.9, =0.2.0-beta.11 Source cves: CVE-2025-9287 Sourc...

Function Call With Incorrect Argument Type

Overview Affected versions of this package are vulnerable to Function Call With Incorrect Argument Type due to insufficient type validation in the update function. An attacker can manipulate input data by supplying crafted objects that cause the hash state to rewind and process unintended data. P...

CVE-2025-9287

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4...

DEBIAN-CVE-2025-9287

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4...

CVE-2025-9287

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4...

UBUNTU-CVE-2025-9287

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4...

CVE-2025-9287 Missing type checks leading to hash rewind and passing on crafted data

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4...

CVE-2025-9287 Missing type checks leading to hash rewind and passing on crafted data

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4...

CVE-2025-9287

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4...

CVE-2025-9287

CVE-2025-9287 affects cipher-base (Node.js crypto-base) up to version 1.0.4. The root cause is incomplete input type checks during input validation, enabling input data manipulation. Public reports and Debian advisories confirm fixes: node-cipher-base updated to 1.0.4-4+deb11u1 (Debian 11) and la...

PT-2025-34162

Name of the Vulnerable Software and Affected Versions: cipher-base versions through 1.0.4 Description: An improper input validation issue exists in cipher-base, allowing input data manipulation. This is due to missing input type checks, which can lead to invalid value calculations, hash state...

cipher-base 安全漏洞

cipher-base is an abstract base class for cryptographic streams in the Browserify open source. A security vulnerability exists in cipher-base version 1.0.4 and earlier, which stems from improper input validation and could lead to tampering of input data...