Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "node-cookie-signature", "binary_version": "1.1.0-2" } ] }