Use of Password Hash With Insufficient Computational Effort Affecting taylored package, versions <7.0.16


Severity

critical

CVSS assessment by Snyk's Security Team.

  • Snyk ID: SNYK-JS-TAYLORED-10442513
  • Published: 20 Jun 2025
  • Disclosed: 18 Jun 2025
  • Credit: Unknown

Introduced: 18 Jun 2025

CVE: NOT AVAILABLE
CWE-22
CWE-294
CWE-345
CWE-916

How to fix?

Upgrade taylored to version 7.0.16 or higher.

Overview

taylored ("Make changes to a branch a plugin") is a command-line tool to manage and apply '.taylored' plugins. It supports applying, removing, and verifying plugins, and generating them from a Git branch.

Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort via the patch download process. An attacker can read arbitrary files from the server, gain unauthorized access to paid patches, and weaken encrypted patch protection by submitting crafted requests with path traversal sequences, spoofing payment notifications, or reusing purchase tokens.
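The weaknesses listed for this advisory (CWE-22, CWE-345, CWE-294, CWE-916) each correspond to a server-side check. The sketch below is an added example, not taylored's code: the function names, the patch directory, the HMAC-signed notification format, the in-memory token store and the scrypt parameters are all assumptions made for illustration.

```javascript
// Added illustration, not taylored's code. Every name and parameter is hypothetical.
const crypto = require('node:crypto');
const path = require('node:path');

const PATCH_DIR = path.resolve('/srv/patches'); // assumed storage root

// CWE-22: resolve the requested name and refuse anything outside PATCH_DIR.
function resolvePatchPath(name) {
  const full = path.resolve(PATCH_DIR, name);
  // The trailing separator also rejects sibling directories such as /srv/patches-old.
  if (!full.startsWith(PATCH_DIR + path.sep)) {
    throw new Error('path escapes patch directory');
  }
  return full;
}

// CWE-345: accept a payment notification only if its HMAC matches the shared secret.
function verifyNotification(body, signatureHex, secret) {
  const expected = crypto.createHmac('sha256', secret).update(body).digest();
  const given = Buffer.from(signatureHex, 'hex'); // malformed hex yields a short buffer
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// CWE-294: a purchase token is consumed on first use, so a replayed token fails.
const issuedTokens = new Set(); // assumption: a real service would persist this
function issueToken() {
  const token = crypto.randomBytes(32).toString('hex');
  issuedTokens.add(token);
  return token;
}
function redeemToken(token) {
  return issuedTokens.delete(token); // true exactly once, false on any reuse
}

// CWE-916: derive the patch encryption key with a memory-hard KDF and a per-patch salt.
// Assumed parameters; N = 2^15 with r = 8 needs about 32 MiB, so maxmem is raised.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32, {
    N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024,
  });
}
```
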
