NodeJS/cookie-signature/1.0.5
Sign and unsign cookies
https://www.npmjs.com/package/cookie-signature
MIT
1 Security Vulnerabilities
Timing attack vulnerability
Published date: 2016-08-29
CVEs: ["CVE-2016-1000236"]
CVSS Score: 5.4
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
Coordinating vendor: ^Lift Security
Cookie-signature is a library for signing cookies.
Versions before 1.0.4 were vulnerable to timing attacks.
Affected versions:
["0.0.1", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5"]
Secure versions:
[1.0.6, 1.1.0, 1.2.0, 1.2.1, 1.0.7, 1.2.2]
Recommendation:
Upgrade to 1.0.6 or latest
13 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
1.2.2 | MIT | 2024-10-29 - 19:39 | about 1 month | |
1.2.1 | MIT | 2023-02-27 - 17:55 | almost 2 years | |
1.2.0 | MIT | 2022-02-17 - 20:23 | almost 3 years | |
1.1.0 | MIT | 2018-01-19 - 04:32 | almost 7 years | |
1.0.7 | MIT | 2023-04-12 - 23:59 | over 1 year | |
1.0.6 | MIT | 2015-02-03 - 22:23 | almost 10 years | |
1.0.5 | MIT | 1 | 2014-09-05 - 23:22 | over 10 years |
1.0.4 | MIT | 1 | 2014-06-25 - 22:14 | over 10 years |
1.0.3 | MIT | 2 | 2014-01-29 - 01:15 | almost 11 years |
1.0.2 | MIT | 2 | 2014-01-29 - 00:00 | almost 11 years |
1.0.1 | MIT | 2 | 2013-04-15 - 19:29 | over 11 years |
1.0.0 | MIT | 2 | 2013-04-12 - 19:07 | over 11 years |
0.0.1 | MIT | 2 | 2012-10-15 - 15:53 | about 12 years |