3 matches found
CVE-2023-46943
An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens JWTs, allowing them access t...
CVE-2023-46943
An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens JWTs, allowing them access t...
PT-2023-30056 · Npm · Evershop
Name of the Vulnerable Software and Affected Versions: EverShop NPM versions prior to 1.0.0-rc.8 Description: The issue allows a remote attacker to obtain sensitive information via a crafted request to the "DELETE" function in the "api/files" endpoint. Recommendations: For versions prior to...