Severity: moderate

Inadequate Encryption Strength

bcrypt

Overview

In bcrypt (npm package) before version 5.0.0, data is truncated wrong when its length is greater than 255 bytes.

Remediation

Upgrade to version 5.0.0 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory Published
    Sep 2nd, 2020
  2. reported

    Reported by Anonymous
    Sep 2nd, 2020