VYPR

npm package

secure-compare

pkg:npm/secure-compare

Vulnerabilities (1)

  • CVE-2015-9238MedMay 31, 2018
    affected < 3.0.1fixed 3.0.1

    secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length.