CVE-2016-10535
The CVE-2016-10535 issue affects csrf-lite, a CSRF-protection library for framework-less Node sites. The vulnerability arises because csrf-lite uses a fail-early string comparison (===) instead of a constant-time comparison, enabling timing-based leakage of the secret. Exploitation could allow an...
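The two comparison styles side by side, as an added example that is not csrf-lite's own code: the function names and sample tokens are constructed for illustration, and the hardened form assumes Node's built-in `crypto.timingSafeEqual` is available.

```javascript
const crypto = require('crypto');

// Fail-early comparison, the pattern the advisory describes: === may stop at
// the first differing character, so response time can depend on how much of
// the supplied token is correct.
function verifyTokenFailEarly(expected, supplied) {
  return expected === supplied;
}

// Per-process random key (assumption of this example). HMAC-ing both values
// gives fixed-length 32-byte digests, so timingSafeEqual never sees buffers of
// different length (it throws on a length mismatch).
const compareKey = crypto.randomBytes(32);

function digest(value) {
  return crypto.createHmac('sha256', compareKey).update(value, 'utf8').digest();
}

// Constant-time comparison: the digests are compared in full regardless of
// where, or whether, the original strings differ.
function verifyTokenConstantTime(expected, supplied) {
  // A missing or non-string form field is rejected before any comparison.
  if (typeof expected !== 'string' || typeof supplied !== 'string') {
    return false;
  }
  return crypto.timingSafeEqual(digest(expected), digest(supplied));
}

// Constructed sample data: a session token and four submitted values.
function demo() {
  const sessionToken = crypto.randomBytes(24).toString('hex');
  const submissions = [
    sessionToken,                        // correct token
    sessionToken.slice(0, -1) + 'x',     // same length, wrong last character
    sessionToken.slice(0, 10),           // truncated token
    undefined,                           // field missing from the request
  ];
  return submissions.map((s) => verifyTokenConstantTime(sessionToken, s));
}

console.log(demo());
```
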