Описание
basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0.
A flaw was found in the basic-auth-connect package. Affected versions use a timing-unsafe equality comparison that can potentially leak timing information.
Отчет
Red Hat Fuse 7 will reach the end of maintenance support in June 2024. For More Info Please Visit: https://access.redhat.com/announcements/7023424 https://access.redhat.com/support/policy/updates/jboss_notes
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Fuse 7 | basic-auth-connect | Out of support scope |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0.
basic-auth-connect's callback uses time unsafe string comparison
5.3 Medium
CVSS3