exploitDog

GHSA-5vw4-v588-pgv8

Published: Dec 28, 2022
Source: github
GitHub: Reviewed
CVSS3: 7.5

Description

robbert229/jwt's token validation methods vulnerable to a timing side-channel during HMAC comparison

Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC.
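The difference between a data-dependent signature comparison and a constant-time one, as an added Go example: it is not code from robbert229/jwt or from the advisory, and the function names, key and token are constructed for illustration. HMAC-SHA256 is an assumption, since the advisory does not name the hash.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding.Strict() // reject non-canonical encodings

// mac computes HMAC-SHA256 over the JWT signing input ("header.payload").
func mac(input string, key []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(input))
	return h.Sum(nil)
}

// sign returns the base64url signature segment for a signing input.
func sign(input string, key []byte) string { return b64.EncodeToString(mac(input, key)) }

// split separates "header.payload.signature" into signing input and signature.
func split(token string) (input, sig string, ok bool) {
	if strings.Count(token, ".") != 2 {
		return "", "", false
	}
	i := strings.LastIndex(token, ".")
	return token[:i], token[i+1:], true
}

// verifyLeaky uses ==, whose running time can depend on how many leading bytes match.
func verifyLeaky(token string, key []byte) bool {
	input, sig, ok := split(token)
	return ok && sig == sign(input, key)
}

// verifyConstantTime uses hmac.Equal: same time wherever the first mismatch occurs.
func verifyConstantTime(token string, key []byte) bool {
	input, sig, ok := split(token)
	got, err := b64.DecodeString(sig)
	return ok && err == nil && hmac.Equal(got, mac(input, key))
}

func main() {
	key := []byte("constructed-demo-key") // constructed sample key
	tok := "aGVhZGVy.cGF5bG9hZA." + sign("aGVhZGVy.cGF5bG9hZA", key)
	fmt.Println(verifyLeaky(tok, key), verifyConstantTime(tok, key))
}
```

Both functions return the same verdict for every input; only the comparison's timing behaviour differs, which is why the fix cannot be confirmed by functional tests alone.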

Packages

Name: github.com/robbert229/jwt (go)
Affected versions: < 0.0.0-20170426191122-ca1404ee6e83
Fixed version: 0.0.0-20170426191122-ca1404ee6e83

EPSS

Percentile: 55%
0.00323
Low

7.5 High

CVSS3

Weaknesses

CWE-668

Related vulnerabilities

CVSS3: 7.5
nvd
about 3 years ago

Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC.
