secure-compare@0.9.0 vulnerabilities

Securely compare two strings, copied from cryptiles

Direct Vulnerabilities

Known vulnerabilities in the secure-compare package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Insecure Comparison

secure-compare is a Node.js implementation of a constant-time comparison algorithm, intended to prevent timing attacks. In versions prior to 3.0.1, the compare function checked that the two arguments had the same length and then mistakenly compared the first argument to itself, so the function returned true for any two arguments of the same length.

How to fix Insecure Comparison?

Upgrade to version 3.0.1 or greater.

When direct dependency update is not possible, use snyk wizard to patch against this vulnerability.

Vulnerable version: <3.0.1
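
The flaw described in this entry, reconstructed as an added example (not the secure-compare source; function names and sample values are hypothetical), next to a corrected comparison and the equal-length, different-content test cases that expose the bug:

```javascript
// Flawed form, as the advisory describes it: the length check works,
// but the loop XORs `a` with itself, so `mismatch` never changes.
function flawedCompare(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  let mismatch = a.length === b.length ? 0 : 1;
  for (let i = 0; i < a.length; i++) {
    mismatch |= a.charCodeAt(i) ^ a.charCodeAt(i); // bug: second operand should read from b
  }
  return mismatch === 0;
}

// Corrected form: every byte of `a` is XORed against `b`, and the loop
// always runs over the full length of `a` instead of returning early.
// (Node's built-in crypto.timingSafeEqual is an alternative for equal-length buffers.)
function fixedCompare(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  const x = Buffer.from(a, 'utf8');
  const y = Buffer.from(b, 'utf8');
  let mismatch = x.length ^ y.length; // non-zero when lengths differ
  for (let i = 0; i < x.length; i++) {
    mismatch |= x[i] ^ y[i % (y.length || 1)];
  }
  return mismatch === 0;
}

// Constructed regression cases: [a, b, expected result].
const CASES = [
  ['s3cret-token-A', 's3cret-token-A', true],
  ['s3cret-token-A', 's3cret-token-B', false], // same length, differs at the end
  ['aaaaaaaa', 'bbbbbbbb', false],             // same length, differs everywhere
  ['short', 'longer-value', false],            // different length
  ['', '', true],
];

// Returns the input pairs for which compareFn gives the wrong answer.
function failingCases(compareFn) {
  return CASES.filter(([a, b, want]) => compareFn(a, b) !== want)
              .map(([a, b]) => [a, b]);
}

console.log('flawed implementation fails:', failingCases(flawedCompare));
console.log('fixed implementation fails:', failingCases(fixedCompare));
```

A test suite that only checks identical strings and strings of different length passes against the flawed form, so a suite for a comparison helper needs at least one equal-length, different-content pair.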