GHSA-jj93-39pf-7mcf
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jj93-39pf-7mcf
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-jj93-39pf-7mcf/GHSA-jj93-39pf-7mcf.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-jj93-39pf-7mcf
- Aliases
- Published
- 2023-12-21T12:30:28Z
- Modified
- 2024-01-02T15:15:18Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- bsock uses weak hashing algorithms
- Details
-
An issue was discovered in the bsock component of bcoin-org bcoin that allows remote attackers to obtain sensitive information via weak hashing algorithms in the component
\vendor\faye-websocket.js. - Database specific
{ "github_reviewed_at": "2023-12-21T18:13:09Z", "nvd_published_at": "2023-12-21T11:15:08Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-327" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-50475
- https://github.com/bcoin-org/bcoin/issues/1174
- https://github.com/bcoin-org/bcoin
- https://github.com/bcoin-org/bcoin/blob/master/node_modules/bsock/package.json
- https://github.com/bcoin-org/bsock/blob/master/package.json
- https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-50475.md
Affected packages
npm / bsock
Package
- Name
- bsock
- View open source insights on deps.dev
- Purl
- pkg:npm/bsock