safe-compare@1.0.1 vulnerabilities

Constant-time comparison algorithm to prevent timing attacks.

Direct Vulnerabilities

Known vulnerabilities in the safe-compare package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Insecure Credential Comparison

safe-compare is Constant-time comparison algorithm to prevent timing attacks..

Affected versions of the package are vulnerable to Insecure Credential Comparison due to using String.prototype.length instead of Buffer.byteLength.

How to fix Insecure Credential Comparison?

Upgrade safe-compare to version 1.1.1 or higher.