@ustack/egg-ue@0.8.0

Vulnerabilities

2 via 2 paths

Dependencies

83

Source

npm

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
  • 1
Status
  • 2
  • 0
  • 0

high severity

Insecure Encryption

  • Vulnerable module: bcrypt
  • Introduced through: bcrypt@3.0.8

Detailed paths

  • Introduced through: @ustack/egg-ue@0.8.0 bcrypt@3.0.8
    Remediation: Upgrade to bcrypt@5.0.0.

Overview

bcrypt is an A library to help you hash passwords.

Affected versions of this package are vulnerable to Insecure Encryption. Data is truncated wrong when its length is greater than 255 bytes.

Remediation

Upgrade bcrypt to version 5.0.0 or higher.

References

medium severity

Cryptographic Issues

  • Vulnerable module: bcrypt
  • Introduced through: bcrypt@3.0.8

Detailed paths

  • Introduced through: @ustack/egg-ue@0.8.0 bcrypt@3.0.8
    Remediation: Upgrade to bcrypt@5.0.0.

Overview

bcrypt is an A library to help you hash passwords.

Affected versions of this package are vulnerable to Cryptographic Issues. When hashing a password containing an ASCII NUL character, that character acts as the string terminator. Any following characters are ignored.

Remediation

Upgrade bcrypt to version 5.0.0 or higher.

References