VDB
KO
MEDIUM 5.9

GHSA-5wg4-74h6-q47v

Integer Overflow or Wraparound and Use of a Broken or Risky Cryptographic Algorithm in bcrypt

Details

In bcrypt (npm package) before version 5.0.0, data is truncated wrong when its length is greater than 255 bytes.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / bcrypt
Introduced in: 0 Fixed in: 5.0.0
Fix npm install bcrypt@5.0.0

References