You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Path to dependency file: /swagger-documentation/dynamic-html/package.json
Path to vulnerable library: /swagger-documentation/dynamic-html/node_modules/basic-auth-connect/package.json,/openapi-documentation/dynamic-html/node_modules/basic-auth-connect/package.json
basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0.
mend-bolt-for-githubbot
changed the title
CVE-2024-47178 (High) detected in basic-auth-connect-1.0.0.tgz
CVE-2024-47178 (Medium) detected in basic-auth-connect-1.0.0.tgz
Nov 17, 2024
CVE-2024-47178 - Medium Severity Vulnerability
Vulnerable Library - basic-auth-connect-1.0.0.tgz
Basic auth middleware for node and connect
Library home page: https://registry.npmjs.org/basic-auth-connect/-/basic-auth-connect-1.0.0.tgz
Path to dependency file: /swagger-documentation/dynamic-html/package.json
Path to vulnerable library: /swagger-documentation/dynamic-html/node_modules/basic-auth-connect/package.json,/openapi-documentation/dynamic-html/node_modules/basic-auth-connect/package.json
Dependency Hierarchy:
Found in HEAD commit: 0879348474e22463e77dc76ba5e5f7e6300a2b6c
Found in base branch: master
Vulnerability Details
basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0.
Publish Date: 2024-09-30
URL: CVE-2024-47178
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-7p89-p6hx-q4fw
Release Date: 2024-09-30
Fix Resolution: basic-auth-connect - 1.1.0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: