CVE-2015-9238

medium

Description

secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length.

References

Advisories

https://nodesecurity.io/advisories/50

https://github.com/vdemedes/secure-compare/pull/1

Details

Source: Mitre, NVD

Published: 2018-05-31

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N