3 matches found
10er10 (=0.23.0), 10tcl (>=0.0.1 <=0.0.10) +3533 more potentially affected by CVE-2016-1000236 via cookie-signature (>=0.0.1 <=1.0.3)
cookie-signature NPM version =0.0.1, =0.0.1, =1.0.1, =0.0.1, =0.0.1, =1.0.1, =0.25.0, =1.0.4, =1.0.6 - @axerunners/p2pool-scanner =0.0.2 - @azu/api-mock =1.0.0 and more Source cves: CVE-2016-1000236 Source advisory: OSV:GHSA-92VM-WFM5-MXVV...
CVE-2016-1000236
Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used...
CVE-2016-1000236
CVE-2016-1000236 affects the node-cookie-signature package prior to v1.0.6. Root cause: a timing-attack due to a non-constant-time comparison in signature verification. Impact: under favorable network conditions, an attacker could deduce the secret by exploiting slight timing differences (per-cha...