VYPR

CWE-1254

Incorrect Comparison Logic Granularity

Abstraction: Base; Status: Draft

Description

The product's comparison logic is performed over a series of steps rather than across the entire string in one operation. If there is a comparison logic failure on one of these steps, the operation may be vulnerable to a timing attack that can result in the interception of the process for nefarious purposes.
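As an added illustration that is not part of the CWE entry, the Python below places a byte-by-byte comparison that stops at the first mismatch (the per-step logic this weakness describes) beside a version that always examines every byte, and counts examined bytes so the difference in work is visible deterministically rather than through noisy timing. The function names and the sample token are constructed for this example; in production code the standard-library `hmac.compare_digest` is the intended tool.

```python
import hmac
from typing import Callable, List, Tuple

Compare = Callable[[bytes, bytes], Tuple[bool, int]]


def early_exit_compare(expected: bytes, candidate: bytes) -> Tuple[bool, int]:
    """Step-wise comparison: returns (equal, bytes_examined).

    The loop exits on the first differing byte, so the amount of work done
    (and therefore the elapsed time) depends on how long the matching prefix
    is. That per-step early exit is the CWE-1254 pattern.
    """
    if len(expected) != len(candidate):
        return False, 0
    examined = 0
    for a, b in zip(expected, candidate):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_time_compare(expected: bytes, candidate: bytes) -> Tuple[bool, int]:
    """Whole-string comparison: returns (equal, bytes_examined).

    Every byte is XORed into an accumulator and the verdict is taken only at
    the end, so the work is the same for any same-length candidate. Only the
    length check remains data-dependent, which is the accepted trade-off.
    """
    if len(expected) != len(candidate):
        return False, 0
    diff = 0
    examined = 0
    for a, b in zip(expected, candidate):
        examined += 1
        diff |= a ^ b
    return diff == 0, examined


def examined_per_candidate(fn: Compare, expected: bytes, candidates: List[bytes]) -> List[int]:
    """How many bytes each comparison function looks at per candidate."""
    return [fn(expected, c)[1] for c in candidates]


if __name__ == "__main__":
    token = b"s3cret"  # constructed sample secret
    probes = [b"x3cret", b"s3xret", b"s3cret"]  # mismatch at byte 1, 3, none
    print("early exit  :", examined_per_candidate(early_exit_compare, token, probes))
    print("constant    :", examined_per_candidate(constant_time_compare, token, probes))
    print("stdlib      :", hmac.compare_digest(token, probes[2]))
```

The early-exit variant reports 1, 3 and 6 bytes examined for the three probes, while the constant-time variant reports 6 for all of them.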

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-26

CVEs mapped to this weakness (6)

  • CVE-2016-6582 (Critical, Jan 23, 2017)
    risk 0.60, CVSS 9.1, EPSS 0.05

    The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.

  • CVE-2026-34572 (High, Apr 1, 2026)
    risk 0.57, CVSS 8.8, EPSS 0.01

    CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deactivated. Due to a…

  • CVE-2026-34570 (High, Apr 1, 2026)
    risk 0.57, CVSS 8.8, EPSS 0.01

    CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immediately revoke active user sessions when an account is deleted. Due to a logic…

  • CVE-2015-8857 (Critical, Jan 23, 2017)
    risk 0.57, CVSS 9.8, EPSS 0.04

    The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript.

  • CVE-2026-28929 (High, May 11, 2026)
    risk 0.49, CVSS 7.5, EPSS 0.00

    A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Replying to an email could display remote images in Mail in Lockdown Mode.

  • CVE-2026-27007 (Feb 19, 2026)
    risk 0.00, CVSS (not listed), EPSS 0.00

    OpenClaw is a personal AI assistant. Prior to version 2026.2.15, `normalizeForHash` in `src/agents/sandbox/config-hash.ts` recursively sorted arrays that contained only primitive values. This made order-sensitive sandbox configuration arrays hash to the same value even when…