Описание
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
Связанные уязвимости
CVSS3: 9.8
ubuntu
почти 2 года назад
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
CVSS3: 9.8
nvd
почти 2 года назад
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
CVSS3: 9.8
debian
почти 2 года назад
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authe ...