Critical severityNVD Advisory· Published Jan 13, 2024· Updated Aug 30, 2024
CVE-2023-46943
CVE-2023-46943
Description
An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@evershop/evershopnpm | < 1.0.0-rc.9 | 1.0.0-rc.9 |
Affected products
2- @evershop/evershopdescription
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-32r3-57hp-cgfwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-46943ghsaADVISORY
- advisory.checkmarx.net/advisory/CVE-2023-46943ghsaWEB
- devhub.checkmarx.com/cve-details/CVE-2023-46943ghsaWEB
- github.com/evershopcommerce/evershop/commit/96d9ca3e024e0b63c538911e4a914df3d287cc9fghsaWEB
- advisory.checkmarx.net/advisory/CVE-2023-46943/mitre
- devhub.checkmarx.com/cve-details/CVE-2023-46943/mitre
News mentions
0No linked articles in our index yet.