basic-auth-connect@1.0.0 vulnerabilities

Basic auth middleware for node and connect

Direct Vulnerabilities

Known vulnerabilities in the basic-auth-connect package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Observable Timing Discrepancy

basic-auth-connect is a Basic auth middleware for node and connect

Affected versions of this package are vulnerable to Observable Timing Discrepancy due to the use of a timing-unsafe equality comparison. An attacker can infer sensitive data.

How to fix Observable Timing Discrepancy?

Upgrade basic-auth-connect to version 1.1.0 or higher.

<1.1.0