Lucene search
GoogleOSV:PYSEC-2017-28HistoryJan 23, 2017 - 9:59 p.m.
PYSEC-2017-28
2017-01-2321:59:00
Google
osv.dev
6
0.003 Low
EPSS
Percentile
70.5%
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.
| CPE | Name | Operator | Version |
|---|---|---|---|
| python-jose | eq | 0.1.3 | |
| python-jose | eq | 0.1.1 | |
| python-jose | eq | 0.5.0 | |
| python-jose | eq | 1.3.0 | |
| python-jose | eq | 1.2.0 | |
| python-jose | eq | 1.3.1 | |
| python-jose | eq | 0.2.0 | |
| python-jose | eq | 0.1.4 | |
| python-jose | eq | 1.1.0 | |
| python-jose | eq | 0.1.8 |
Related
debiancve
debiancve
CVE-2016-7036
2017-01-23 21:59:02
github
github
python-jose failure to use a constant time comparison for HMAC keys
2022-05-17 03:02:29
veracode
veracode
Timing Attack Via Authentication
2017-01-24 02:22:04
osv
osv
python-jose failure to use a constant time comparison for HMAC keys
2022-05-17 03:02:29
CVE-2016-7036
2017-01-23 21:59:02
cvelist
cvelist
CVE-2016-7036
2017-01-23 21:00:00
cve
cve
CVE-2016-7036
2017-01-23 21:59:02
nvd
nvd
CVE-2016-7036
2017-01-23 21:59:02
prion
prion
Code injection
2017-01-23 21:59:00