Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
EverShop 安全漏洞
Vulnerability Description
EverShop是EverShop开源的一个 NodeJS 电商平台。 EverShop 1.0.0-rc.8之前版本存在安全漏洞,该漏洞源于用于生成令牌的 HMAC 秘密被硬编码为“secret”。
CVSS Information
N/A
Vulnerability Type
N/A