CVE-2016-7036

Опубликовано: 23 янв. 2017

Источник: debian

EPSS Низкий

Описание

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.

Пакет	Статус	Версия исправления	Релиз	Тип
python-jose	not-affected			package

https://github.com/mpdavis/python-jose/commit/89b46353b9f611e9da38de3d2fedf52331167b93 (1.3.2)

EPSS

Процентиль: 61%

0.00417

Низкий

CVE-2016-7036

CVSS3: 9.8

nvd

около 9 лет назад

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.

GHSA-w799-prg3-cx77

CVSS3: 9.8

github

больше 3 лет назад

python-jose failure to use a constant time comparison for HMAC keys

EPSS

Процентиль: 61%

0.00417

Низкий