Published: 19/11/2019 Updated: 07/11/2023

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 4.4 | Impact Score: 3.6 | Exploitability Score: 0.7

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Node-cookie-signature prior to 1.0.6 is affected by a timing attack due to the type of comparison used.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cookie-signature project cookie-signature
debian debian linux 8.0
debian debian linux 9.0

Debian Bug report logs - #838618 node-cookie-signature: CVE-2016-1000236 Package: src:node-cookie-signature; Maintainer for src:node-cookie-signature is Debian Javascript Maintainers <pkg-javascript-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 23 Sep 2016 05:15:01 UT ...

CWE-362 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838618 https://travis-ci.com/nodejs/security-wg/builds/76423102 https://security-tracker.debian.org/tracker/CVE-2016-1000236 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000236 https://bugzilla.redhat.com/show_bug.cgi?id=1371409 https://www.mail-archive.com/secure-testing-team%40lists.alioth.debian.org/msg06583.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838618 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-1000236

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect