Headline

GHSA-5vw4-v588-pgv8: robbert229/jwt's token validation methods vulnerable to a timing side-channel during HMAC comparison

Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC.

2 years ago

ghsa

Open in Source

#mac #git

robbert229/jwt’s token validation methods vulnerable to a timing side-channel during HMAC comparison

Moderate severity GitHub Reviewed Published Dec 28, 2022 • Updated Dec 30, 2022

2 years ago

CVE

Open in Source

#vulnerability #mac #git

ghsa: Latest News

GHSA-3m86-c9x3-vwm9: Graylog vulnerable to privilege escalation through API tokens

13 hours ago

ghsa

GHSA-3q26-f695-pp76: @cyanheads/git-mcp-server vulnerable to command injection in several tools

14 hours ago

ghsa

GHSA-6r2x-8pq8-9489: Electron vulnerable to Heap Buffer Overflow in NativeImage

14 hours ago

ghsa

GHSA-v8fr-vxmw-6mf6: Mattermost Incorrect Authorization vulnerability

14 hours ago

ghsa

GHSA-wgvp-jj4w-88hf: Mattermost Incorrect Authorization vulnerability

14 hours ago

ghsa

Headline

GHSA-5vw4-v588-pgv8: robbert229/jwt's token validation methods vulnerable to a timing side-channel during HMAC comparison

Related news

ghsa: Latest News