Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enables an attacker to guess the secret in no more than (16*18)288 guesses, instead of the 16^18 guesses required were the timing attack not present.
CVSS Information
N/A
Vulnerability Type
通过时间差异性导致的信息暴露
Vulnerability Title
csrf-lite 安全漏洞
Vulnerability Description
csrf-lite是一个针对无框架节点网站的CSRF保护实用程序。 csrf-lite中存在安全漏洞。攻击者可利用该漏洞实施时序攻击,获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A