Medium severity5.3NVD Advisory· Published May 31, 2018· Updated Jun 17, 2026
CVE-2015-9238
CVE-2015-9238
Description
secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
secure-comparenpm | < 3.0.1 | 3.0.1 |
Affected products
2- HackerOne/secure-compare node modulev5Range: <=3.0.0
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-h9x2-5rm7-x4gmghsaADVISORY
- github.com/vdemedes/secure-compare/pull/1nvdThird Party AdvisoryWEB
- nodesecurity.io/advisories/50nvdThird Party Advisory
- nvd.nist.gov/vuln/detail/CVE-2015-9238ghsaADVISORY
- github.com/vadimdemedes/secure-compare/commit/dd1ff1ac0122de7e0af4f00c61ed73261062394aghsaWEB
- www.npmjs.com/advisories/50ghsaWEB
News mentions
0No linked articles in our index yet.