Do your applications use this vulnerable package?
Test your applications
Overview
contwidgetor
is a contributions widget for both bitbucket and github.
Affected versions of the package use the insecure SHA-1 in the authentication method. It is possible to duplicate the hash and should not be used in security sensitive instances.
Remediation
There is no fix version for contwidgetor
.
References
CVSS Score
3.7
low severity
-
Attack VectorNetwork
-
Attack ComplexityHigh
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityLow
-
IntegrityNone
-
AvailabilityNone
- Credit
- Liang Gong
- CWE
- CWE-916
- Snyk ID
- npm:contwidgetor:20170303
- Disclosed
- 02 Mar, 2017
- Published
- 28 Jun, 2017