NodeJS/cookie-signature/1.0.5

Sign and unsign cookies

Repo Link: https://www.npmjs.com/package/cookie-signature
License: MIT

1 Security Vulnerabilities

Timing attack vulnerability

Published date: 2016-08-29

CVEs: ["CVE-2016-1000236"]

CVSS Score: 5.4

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N

Coordinating vendor: ^Lift Security

Links:

https://github.com/tj/node-cookie-signature/commit/39791081692e9e14aa62855369e1c7f80fbfd50e

Cookie-signature is a library for signing cookies.

Versions before 1.0.4 were vulnerable to timing attacks.

Affected versions: ["0.0.1", "1.0.0", "1.0.1", "1.0.2", "1.0.3", "1.0.4", "1.0.5", "NodeJS/cookie-signature/0.0.1", "NodeJS/cookie-signature/1.0.1", "NodeJS/cookie-signature/1.0.3", "NodeJS/cookie-signature/1.0.0", "NodeJS/cookie-signature/1.0.2", "NodeJS/cookie-signature/1.0.4", "NodeJS/cookie-signature/1.0.5"]

Secure versions: [1.0.6, 1.0.7, 1.1.0, 1.2.0, 1.2.1, 1.2.2]

Recommendation: Upgrade to 1.0.6 or latest

13 Other Versions

Version	License	Security	Released
1.2.2	MIT		2024-10-29 - 19:39	about 1 year
1.2.1	MIT		2023-02-27 - 17:55	over 2 years
1.2.0	MIT		2022-02-17 - 20:23	over 3 years
1.1.0	MIT		2018-01-19 - 04:32	almost 8 years
1.0.7	MIT		2023-04-12 - 23:59	over 2 years
1.0.6	MIT		2015-02-03 - 22:23	over 10 years
1.0.5	MIT	1	2014-09-05 - 23:22	about 11 years
1.0.4	MIT	1	2014-06-25 - 22:14	over 11 years
1.0.3	MIT	2	2014-01-29 - 01:15	almost 12 years
1.0.2	MIT	2	2014-01-29 - 00:00	almost 12 years
1.0.1	MIT	2	2013-04-15 - 19:29	over 12 years
1.0.0	MIT	2	2013-04-12 - 19:07	over 12 years
0.0.1	MIT	2	2012-10-15 - 15:53	about 13 years