PT-2024-13391 · Npm · @Evershop/Evershop

Published 2024-01-12 · Updated 2024-08-30 · CVE-2023-46943

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: @evershop/evershop versions prior to 1.0.0-rc.8

Description: An issue was discovered in the npm package @evershop/evershop where the HMAC secret used for generating tokens is hardcoded as "secret". This poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application.

Recommendations: For versions prior to 1.0.0-rc.8, update to version 1.0.0-rc.8 or later to resolve the issue. As a temporary workaround, consider regenerating the HMAC secret with a secure, randomly generated value to prevent attackers from creating valid JSON Web Tokens (JWTs).

Weakness Enumeration

Improper Access Control
Using Hardcoded Credentials

Related Identifiers

CVE-2023-46943
GHSA-32R3-57HP-CGFW

Affected Products

@Evershop/Evershop