Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.
{ "binaries": [ { "binary_version": "1.0.3-1", "binary_name": "node-cookie-signature" } ] }
{ "binaries": [ { "binary_version": "1.0.3-1ubuntu1", "binary_name": "node-cookie-signature" } ] }