Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.
Published November 19, 2019.
Cookie-signature Project Cookie-signature
Debian Debian Linux