Untriaged
On Node.js < 3, pbkdf2 silently disregards Uint8Array input, returning static keys
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: <=3.1.2.
References
- https://github.com/browserify/pbkdf2/security/advisories/GHSA-v62p-rq8g-8h59 third-party-advisory
- https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdd… patch
- https://github.com/browserify/pbkdf2/security/advisories/GHSA-v62p-rq8g-8h59 third-party-advisory
- https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdd… patch
Affected products
pbkdf2
- ==>= 1 <=3.1.2
- ==<=3.1.2
Matching in nixpkgs
pkgs.fastpbkdf2
Fast PBKDF2-HMAC-{SHA1,SHA256,SHA512} implementation in C
-
nixos-unstable -
- nixpkgs-unstable 1.0.0
pkgs.python312Packages.pbkdf2
None
-
nixos-unstable -
- nixpkgs-unstable pbkdf2-1.3
pkgs.python313Packages.pbkdf2
None
-
nixos-unstable -
- nixpkgs-unstable pbkdf2-1.3
pkgs.python312Packages.fastpbkdf2
Python bindings for fastpbkdf2
-
nixos-unstable -
- nixpkgs-unstable fastpbkdf2-0.2
pkgs.python313Packages.fastpbkdf2
Python bindings for fastpbkdf2
-
nixos-unstable -
- nixpkgs-unstable fastpbkdf2-0.2
pkgs.chickenPackages_5.chickenEggs.pbkdf2
Password-Based Key Derivation Function as defined in RFC2898
-
nixos-unstable -
- nixpkgs-unstable pbkdf2-1.3
Package maintainers
-
@ledif Adam Fidel <refuse@gmail.com>
-
@jqueiroz Jonathan Queiroz <nixos@johnjq.com>