1379747 – nodejs-cookie-signature: Timing attack vulnerability

Bug 1379747 - nodejs-cookie-signature: Timing attack vulnerability

Summary: nodejs-cookie-signature: Timing attack vulnerability

Keywords:
Status:	CLOSED DUPLICATE of bug 1371409
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1379750 1379752 1379759
Blocks:	1379756
TreeView+	depends on / blocked

Reported:	2016-09-27 14:57 UTC by Adam Mariš
Modified:	2021-02-17 03:15 UTC (History)
CC List:	25 users (show)
Fixed In Version:	nodejs-cookie-signature 1.0.6
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-11-02 01:36:59 UTC
Embargoed:

Attachments	(Terms of Use)

Description Adam Mariš 2016-09-27 14:57:18 UTC

Timing attack vulnerability was found in cookie-signature affecting versions <= 1.0.5.

Upstream patch:

https://github.com/tj/node-cookie-signature/commit/39791081692e9e14aa62855369e1c7f80fbfd50e

External References:

https://nodesecurity.io/advisories/134

Comment 1 Adam Mariš 2016-09-27 15:04:51 UTC

Created nodejs-cookie-signature tracking bugs for this issue:

Affects: fedora-all [bug 1379750]
Affects: epel-all [bug 1379752]

Comment 3 Kurt Seifried 2016-11-02 01:36:59 UTC


*** This bug has been marked as a duplicate of bug 1371409 ***

Note You need to log in before you can comment on or make changes to this bug.

abhgupta
avibelli
bleanhar
ccoleman
coneill
dedgar
dmcphers
gsterlin
jbalunas
jgoulding
jialiu
jkeck
joelsmith
jokerman
jshepherd
kseifried
lmeyer
mmccomas
rrajasek
sardella
tchollingsworth
tdawson
tiwillia
tjay
tkirby