basic-auth-connect <1.1.0 uses a timing-unsafe equality comparison that can leak timing information
this issue has been fixed in basic-auth-connect 1.1.0
{ "nvd_published_at": "2024-09-30T16:15:09Z", "cwe_ids": [ "CWE-208" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-09-30T17:48:29Z" }