Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.
{ "ubuntu_priority": "negligible" }
{ "binaries": [ { "binary_name": "node-cookie-signature", "binary_version": "1.1.0-2" } ], "availability": "No subscription required", "ubuntu_priority": "negligible" }