2 matches found
CVE-2024-21491
Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of th...
CVE-2024-21491
SVIX before version 1.17.0 is affected by an authentication bypass vulnerability in the Webhook verification logic. The root cause is an incorrect comparison of signatures of different lengths in the verify function, allowing an attacker to bypass signature verification by supplying a shorter sig...