Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
basic-auth-connect's callback uses time unsafe string comparison
Vulnerability Description
basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0.
CVSS Information
N/A
Vulnerability Type
通过时间差异性导致的信息暴露
Vulnerability Title
basic-auth-connect 安全漏洞
Vulnerability Description
basic-auth-connect是expressjs开源的一个用于节点和连接的基本身份验证中间件。 basic-auth-connect 1.1.0之前版本存在安全漏洞,该漏洞源于使用定时不安全的相等比较,从而会泄露定时信息。
CVSS Information
N/A
Vulnerability Type
N/A