CVE

CVE-2024-47178

basic-auth-connect's callback uses time unsafe string comparison

Back to all

CVE

CVE-2024-47178

basic-auth-connect's callback uses time unsafe string comparison

Impact

basic-auth-connect <1.1.0 uses a timing-unsafe equality comparison that can leak timing information

Patches

this issue has been fixed in basic-auth-connect 1.1.0

References

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

Related Resources

No items found.

References

Severity

7.5

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.5

EPSS Probability

0.00132%

EPSS Percentile

0.33548%

Introduced Version

1.0.0

Fix Available

1.1.0

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2024-47178

CVE-2024-47178

Impact

Patches

References

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

7.5

Basic Information

Fix Critical Vulnerabilities Instantly