4 matches found

vulnersOsv
added 2019/06/06 3:32 p.m., 1 views

@blitzbank/dashboard (>=0.0.1 <=0.0.2), @coinmesh/lnd-adapter (>=0.0.1 <=0.2.12) +15 more potentially affected by unknown CVE via express-basic-auth (>=0.1.3 <=1.1.6)

express-basic-auth NPM version =0.1.3, =0.0.1, =0.0.1, =2.0.0, =1.0.0, =0.1.5, =3.0.0, =1.0.1, =1.0.0, =0.1.5, =0.0.1, =1.0.0, =0.1.0, =2.0.0, =36.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-C35V-QWQG-87JC...

AI score: 5.8
Exploits: 0
Github Security Blog
added 2019/06/06 3:32 p.m., 17 views

express-basic-auth Timing Attack due to native string comparison instead of constant time string comparison

Versions of express-basic-auth prior to 1.1.7 are vulnerable to Timing Attacks. The package uses native string comparison instead of a constant time string comparison, which may lead to Timing Attacks. Timing Attacks can be used to increase the efficiency of brute-force attacks by removing the...

AI score: 4.5
Exploits: 0, References: 7, Affected Software: 1
OSV
added 2019/06/06 3:32 p.m., 0 views

GHSA-C35V-QWQG-87JC express-basic-auth Timing Attack due to native string comparison instead of constant time string comparison

Versions of express-basic-auth prior to 1.1.7 are vulnerable to Timing Attacks. The package uses native string comparison instead of a constant time string comparison, which may lead to Timing Attacks. Timing Attacks can be used to increase the efficiency of brute-force attacks by removing the...

CVSS: 3.1, AI score: 5.8
Exploits: 0, References: 7
Node.js
added 2019/04/19 10:45 p.m., 12 views

Timing Attack

Overview: Versions of express-basic-auth prior to 1.2.0 are vulnerable to Timing Attacks. The package uses native string comparison instead of a constant time string compare which may lead to Timing Attacks. Timing Attacks can be used to increase the efficiency of brute-force attacks by removing t...

AI score: 6.7
Exploits: 0, Affected Software: 1