Description
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
| Release | Status | Note |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-apps/xenial | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
EPSS
Percentile: 22%
0.00072
Low
9.8 Critical
CVSS3
Related vulnerabilities
CVSS3: 9.8
nvd
almost 2 years ago
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
CVSS3: 9.8
debian
almost 2 years ago
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authe ...
CVSS3: 9.8
github
almost 2 years ago
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.