CVE-2015-9238
N/A
N/A
Summary
secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HackerOne | secure-compare node module | <=3.0.0 | affected |
Weaknesses
- CWE-697: Incorrect Comparison (CWE-697)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.