detherjs (>=4.2.3 <=4.2.15), secure-cookies-js (>=1.0.0 <=1.1.1) +1 more potentially affected by unknown CVE via simple-crypto-js (>=1.1.0 <=1.1.1)

simple-crypto-js NPM version =1.1.0, =4.2.3, =1.0.0, =0.1.1, =0.1.2 Source cves: unknown CVE Source advisory: OSV:GHSA-5V7R-JG9R-VQ44...

GHSA-5V7R-JG9R-VQ44 Insecure Cryptography Algorithm in simple-crypto-js

Versions of simple-crypto-js prior to 2.3.0 use AES-CBC with PKCS7 padding, which is vulnerable to padding oracle attacks. This may allow attackers to break the encryption and access sensitive data. Recommendation Upgrade to version 2.3.0 or later...

Insecure Cryptography Algorithm in simple-crypto-js

Versions of simple-crypto-js prior to 2.3.0 use AES-CBC with PKCS7 padding, which is vulnerable to padding oracle attacks. This may allow attackers to break the encryption and access sensitive data. Recommendation Upgrade to version 2.3.0 or later...