CNNVD-202506-2928 Information
CNNVD ID
CNNVD-202506-2928
Related CVE
- CNNVD Published: 2025-06-23
Description (Chinese)
Browserify pbkdf2是Browserify开源的一个哈希算法软件 Browserify pbkdf2 3.1.2及之前版本存在安全漏洞,该漏洞源于输入验证不当导致签名欺骗。
Description (English)
Brownserifiy pbkdf2 is a Hashi algorithm from Brownserifi. Brownserify pbkdf2 3.1.2 and previous versions had a security loophole, which stemmed from the signature fraud caused by input error.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Browserify
Published
2025-06-23
Last Modified
2026-02-24
References
https://github.com/browserify/pbkdf2/commit/9699045c37a07f8319cfb8d44e2ff4252d7a7078 https://github.com/browserify/pbkdf2/security/advisories/GHSA-h7cp-r72f-jxh6 https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bb https://vigilance.fr/vulnerability/pbkdf2-weak-signature-via-Signature-Spoofing-47598 https://access.redhat.com/security/cve/cve-2025-6545
Patch
https://github.com/browserify/pbkdf2/releases/tag/v3.1.3
Share on: