CVE-2015-9238

Summary

secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length.

Affected Software

VendorProductVersion RangeStatus
HackerOnesecure-compare node module<=3.0.0affected

Weaknesses

  • CWE-697: Incorrect Comparison (CWE-697)

ADP Enrichment

CVE Program Container

Additional References

References