You must log in or register to comment.
Summary copy pasta
A critical vulnerability in the pbkdf2 library affecting versions 3.0.10 through 3.1.2. The vulnerability involves improper input validation that can cause browserifying code to silently generate zero-filled cryptographic keys instead of proper ones, particularly when used in environments different from Node.js or test settings.
So pretty bad. 8.1 out of ten for setting your crypto keys to match the US nuclear arsenal in the 80s
Paywalled.
Sorry. It was not paywalled for me when I first saw. More info from different source: https://feedly.com/cve/CVE-2025-6545