Skip to content

Vulnerability in pbkdf dependency #252

Description

@hughie-ada

The vulnerability is pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos, advisory here. This affects all versions below 3.1.3. The most recent version of crypto-browserify (3.12.1) uses pbkdf v3.1.2.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions