Vulnerability	Vulnerable Version
L Timing Attack safe-compare is a Constant-time comparison algorithm to prevent Node.js timing attacks. Affected versions of this package are vulnerable to Timing Attack via the `nativeTimingSafeEqual` function which could leak the length of a user password. This is caused by always choosing the length of the longer string when comparing. How to fix Timing Attack? Upgrade `safe-compare` to version 1.1.4 or higher.	>=1.0.4 <1.1.4
M Insecure Credential Comparison `safe-compare` is a constant-time comparison algorithm to prevent timing attacks.. Affected versions of the package are vulnerable to Insecure Credential Comparison. It used the `bufferAlloc` constructor incorrectly, which caused the password string to be "padded" with itself. This means that the passwords `"a"` and `"aaaaaaaaaaaaa"` would be equal. How to fix Insecure Credential Comparison? Upgrade `safe-compare` to version 1.1.2 or higher.	>=1.1.0 <1.1.2
M Insecure Credential Comparison `safe-compare` is Constant-time comparison algorithm to prevent timing attacks.. Affected versions of the package are vulnerable to Insecure Credential Comparison due to using `String.prototype.length` instead of `Buffer.byteLength`. How to fix Insecure Credential Comparison? Upgrade `safe-compare` to version 1.1.1 or higher.	<1.1.1

Go back to all versions of this package