CVE-2023-46943: EverShop at risk to unauthorized access via weak HMAC secret
(updated )
An issue was discovered in NPM’s package @evershop/evershop before version 1.0.0-rc.9. The HMAC secret used for generating tokens is hardcoded as “secret”. A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application.
References
Detect and mitigate CVE-2023-46943 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →