pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos #99
@pradeepSelfridgeNew

We got a critical vulnerability related to the pbkdf2 version. Is it possible to upgrade this version?

Upgrade pbkdf2 to fix 2 Dependabot alerts in package-lock.json.
Upgrade pbkdf2 to version 3.1.3 or later. For example:

```json
"dependencies": {
  "pbkdf2": ">=3.1.3"
}
"devDependencies": {
  "pbkdf2": ">=3.1.3"
}
```

Transitive dependency pbkdf2 3.1.2 is introduced via
browserify-sign 4.2.3 ... pbkdf2 3.1.2
