VYPR

npm package

fastify-bearer-auth

pkg:npm/fastify-bearer-auth

Vulnerabilities (1)

  • CVE-2022-31142Jul 14, 2022
    affected >= 5.0.1, <= 6.0.3

    @fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corres