CVE-2016-9243: HKDF might return an empty byte-string
There’s a bug where HKDF would return an empty byte-string if used with a length less than algorithm.digest_size.
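A length check for the failure described above, added here as an example (it is not code from the advisory or from the affected library). `hkdf_sha256` is a standard-library reference implementation of RFC 5869, `empty_below_digest_size` is a constructed stand-in that reproduces only the reported symptom, and every function name is an assumption of this example.

```python
import hashlib
import hmac

DIGEST_SIZE = hashlib.sha256().digest_size  # 32 bytes for SHA-256


def hkdf_sha256(ikm, salt, info, length):
    """Reference HKDF (RFC 5869) with SHA-256, standard library only."""
    if not 0 < length <= 255 * DIGEST_SIZE:
        raise ValueError("invalid HKDF output length")
    # Extract: an absent salt is replaced by digest_size zero bytes.
    prk = hmac.new(salt or b"\x00" * DIGEST_SIZE, ikm, hashlib.sha256).digest()
    # Expand: the loop runs at least once, so short lengths still get a block.
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def empty_below_digest_size(ikm, salt, info, length):
    """Constructed stand-in: models only the symptom named in the advisory."""
    if length < DIGEST_SIZE:
        return b""
    return hkdf_sha256(ikm, salt, info, length)


def audit_hkdf(derive, lengths=(1, 16, 31, 32, 33, 64)):
    """Return the requested lengths for which `derive` gives wrong output."""
    # Inputs of RFC 5869 test case 1.
    ikm, salt, info = b"\x0b" * 22, bytes(range(13)), bytes(range(0xF0, 0xFA))
    bad = []
    for n in lengths:
        out = derive(ikm, salt, info, n)
        if len(out) != n or out != hkdf_sha256(ikm, salt, info, n):
            bad.append(n)
    return bad


if __name__ == "__main__":
    print("reference implementation:", audit_hkdf(hkdf_sha256))
    print("symptom model:", audit_hkdf(empty_below_digest_size))
```

Wrap whichever HKDF call your application depends on in a function with this signature and pass it to `audit_hkdf`; any length it returns is one where the derived key does not match RFC 5869.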