Description
secure-compare versions 3.0.0 and below do not compare two strings properly. The compare function compared the first argument with itself, so the check passed for any two strings of the same length.
Remediation
References
https://github.com/vdemedes/secure-compare/pull/1
https://nodesecurity.io/advisories/50
Related Vulnerabilities
CVE-2023-3276 Vulnerability in maven package cn.hutool:hutool-core
CVE-2020-2269 Vulnerability in maven package org.jenkins-ci.plugins:chosen-views-tabbar
CVE-2017-16020 Vulnerability in npm package summit
CVE-2022-41937 Vulnerability in maven package org.xwiki.platform:xwiki-platform-filter-ui
CVE-2018-10054 Vulnerability in maven package com.h2database:h2