Critical severity9.1NVD Advisory· Published Dec 9, 2024· Updated Apr 15, 2026
CVE-2024-53441
CVE-2024-53441
Description
An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cookie-encrypternpm | <= 1.0.1 | — |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/advisories/GHSA-h63v-hw6g-x8hpghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-53441ghsaADVISORY
- crypto.stackexchange.com/questions/66085/bit-flipping-attack-on-cbc-modeghsaWEB
- gist.github.com/mathysEthical/f45f1503f87381090e38a33c50eec971nvdWEB
- github.com/ebourmalo/cookie-encrypter/issues/9ghsaWEB
- mathys.reboux.pro/CVE/2024/53441nvdWEB
News mentions
0No linked articles in our index yet.