Description
Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.
Remediation
References
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838618
https://bugzilla.redhat.com/show_bug.cgi?id=1371409
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000236
https://security-tracker.debian.org/tracker/CVE-2016-1000236
https://travis-ci.com/nodejs/security-wg/builds/76423102
https://www.mail-archive.com/secure-testing-team%40lists.alioth.debian.org/msg06583.html
Related Vulnerabilities
CVE-2023-29216 Vulnerability in maven package org.apache.linkis:linkis-common
CVE-2018-1000613 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on
CVE-2022-24721 Vulnerability in maven package org.cometd.java:cometd-java-oort
CVE-2022-24898 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml
CVE-2023-42268 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base-core