CVE-2015-9238

Published: May 31, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length.

Vendor	Product	Versions
HackerOne	secure-compare node module	affected `<=3.0.0`

Weaknesses (CWE)

CWE-697

References

https://github.com/vdemedes/secure-compare/pull/1

x_refsource_MISC

https://nodesecurity.io/advisories/50

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-9238

Description

Affected Products

Weaknesses (CWE)

References