crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

Description

No description available.

Recommendation

Update the crypto-es package to the latest compatible version. Followings are version details:

• Affected version(s): < 2.1.0
• Patched version(s): 2.1.0

References

• GHSA-mpj8-q39x-wq5h
• CVE-2023-46133
• CWE-327
• CWE-328
• CWE-916
• CAPEC-310
• OWASP 2021-A2
• OWASP 2021-A6

Related Issues

• crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard - CVE-2023-46233
• Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect - CVE-2024-30261
• Follow Redirects improperly handles URLs in the url.parse() function - CVE-2023-26159
• PostCSS line return parsing error - CVE-2023-44270

Tags:

npm

crypto-es