An issue was discovered in the sodiumoxide crate starting with 0.2.0 and prior to 0.2.5 for Rust. generichash::Digest::eq
compares itself to itself and thus has degenerate security properties.
{ "nvd_published_at": null, "cwe_ids": [ "CWE-697" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2021-08-19T21:20:40Z" }