CVE-2024-47178

About vulnerability

basic-auth-connect is Connect’s Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0.

Affected product:

Acorn , Express , Next.js , Node.js , basic-auth-connect , connect , conventional-changelog , conventional-changelog-core , get-pkg-repo , hawk , https-proxy-agent , meow , ms , protractor , release-notes-generator , request , semantic-release , send , trim-newlines

Affected packages:

basic-auth-connect @ 1.0.0 (+32 more)

basic-auth-connect is Connect’s Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0.