VYPR

@fastify/bearer-auth

by Fastify

Source repositories

CVEs (1)

  • CVE-2022-31142Jul 14, 2022
    risk 0.00cvss epss 0.01

    @fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the…