
4 matches found

CNNVD
added 2026/02/19 12:0 a.m. | 4 views

httpsig-rs security vulnerability

httpsig-rs is a Rust library developed by Jun Kurihara. Versions of httpsig-rs prior to 0.0.23 contained security vulnerabilities. These vulnerabilities stemmed from misuse of the matches! macro in the Digest header validation mechanism, which could potentially allow incorrect validation successes...

CVSS 7.5 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 1
NVD
added 2025/09/12 2:15 p.m. | 3 views

CVE-2025-59058

httpsig-rs is a Rust implementation of IETF RFC 9421 HTTP Message Signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the attacker to forge a signature. Version...

CVSS 5.9 | EPSS 0.00053
Exploits: 0 | References: 2
Cvelist
added 2025/09/12 1:10 p.m. | 6 views

CVE-2025-59058 httpsig-rs's HMAC verification is vulnerable to timing attack

httpsig-rs is a Rust implementation of IETF RFC 9421 HTTP Message Signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the attacker to forge a signature. Version...

CVSS 5.9 | EPSS 0.00053
Exploits: 0 | References: 2
CNNVD
added 2025/09/12 12:0 a.m. | 0 views

httpsig-rs security vulnerability

httpsig-rs is a Rust library by individual developer Jun Kurihara. A security vulnerability exists in versions of httpsig-rs prior to 0.0.19. It stems from an HMAC signature comparison that is not timing-safe, which could lead to an attacker forging a signature...

CVSS 5.9 | AI score 6.4 | EPSS 0.00053
Exploits: 0 | References: 2