cookie-encrypter@0.0.2 vulnerabilities

Transparently encrypt/decrypt your cookie with Nodejs

Direct Vulnerabilities

Known vulnerabilities in the cookie-encrypter package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
Missing Cryptographic Step

cookie-encrypter is a Transparently encrypt/decrypt your cookie with Nodejs

Affected versions of this package are vulnerable to Missing Cryptographic Step through the decryptCookie function in the index.js file. An attacker can manipulate encrypted cookie data by performing a bit flipping attack.

How to fix Missing Cryptographic Step?

There is no fixed version for cookie-encrypter.

*