Node-cookie-signature prior to 1.0.6 is affected by a timing attack due to the type of comparison used.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cookie-signature project cookie-signature |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |