Candidate: CVE-2016-1000236
PublicDate: 2019-11-19 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000236
 https://nodesecurity.io/advisories/134
Description:
 Node-cookie-signature before 1.0.6 is affected by a timing attack due to
 the type of comparison used.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838618
Priority: negligible
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N [4.4 MEDIUM]

Patches_node-cookie-signature:
 upstream: https://github.com/tj/node-cookie-signature/commit/39791081692e9e14aa62855369e1c7f80fbfd50e
upstream_node-cookie-signature: needs-triage
precise_node-cookie-signature: DNE
precise/esm_node-cookie-signature: DNE
trusty_node-cookie-signature: ignored (reached end-of-life)
trusty/esm_node-cookie-signature: DNE (trusty was needed)
vivid/stable-phone-overlay_node-cookie-signature: DNE
vivid/ubuntu-core_node-cookie-signature: DNE
xenial_node-cookie-signature: ignored (end of standard support, was needed)
yakkety_node-cookie-signature: ignored (reached end-of-life)
zesty_node-cookie-signature: ignored (reached end-of-life)
artful_node-cookie-signature: ignored (reached end-of-life)
bionic_node-cookie-signature: needed
cosmic_node-cookie-signature: ignored (reached end-of-life)
disco_node-cookie-signature: not-affected (1.1.0-1)
eoan_node-cookie-signature: not-affected (1.1.0-2)
focal_node-cookie-signature: not-affected (1.1.0-2)
groovy_node-cookie-signature: not-affected (1.1.0-2)
hirsute_node-cookie-signature: not-affected (1.1.0-2)
impish_node-cookie-signature: not-affected (1.1.0-2)
jammy_node-cookie-signature: not-affected (1.1.0-2)
devel_node-cookie-signature: not-affected (1.1.0-2)