CVE-2023-50475: bsock uses weak hashing algorithms
An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js.
References
- github.com/advisories/GHSA-jj93-39pf-7mcf
- github.com/bcoin-org/bcoin/blob/master/node_modules/bsock/package.json
- github.com/bcoin-org/bcoin/issues/1174
- github.com/bcoin-org/bsock/blob/master/package.json
- github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-50475.md
- nvd.nist.gov/vuln/detail/CVE-2023-50475
Code Behaviors & Features
Detect and mitigate CVE-2023-50475 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →