VYPR

npm package

@fastify/bearer-auth

pkg:npm/%40fastify/bearer-auth

Vulnerabilities (1)

  • CVE-2022-31142Jul 14, 2022
    affected < 7.0.2fixed 7.0.2

    @fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corres