crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

Description

No description available.

Recommendation

Update the crypto-es package to the latest compatible version. Followings are version details:

• Affected version(s): < 2.1.0
• Patched version(s): 2.1.0

References

• GHSA-mpj8-q39x-wq5h
• CVE-2023-46133
• CWE-327
• CWE-328
• CWE-916
• CAPEC-310
• OWASP 2021-A2
• OWASP 2021-A6

Related Issues

• crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard - CVE-2023-46233
• fast-xml-parser vulnerable to Regex Injection via Doctype Entities - CVE-2023-34104
• plotly.js prototype pollution vulnerability - CVE-2023-46308
• Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect - CVE-2024-30261

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

crypto-es