5 matches found
CVE-2026-33129
H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...
CVE-2026-33129
The CVE-2026-33129 entry is linked to a timing side-channel vulnerability (GHSA-26F5-8H2X-34XH) in a h3/basic auth utility. The issue resides in the requireBasicAuth function, where a password comparison uses a timing-sensitive !== operation, allowing an attacker to infer the valid password chara...
CVE-2026-33129
H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...
PT-2026-26193
Summary A Timing Side-Channel vulnerability exists in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server's response time, effectively bypassing password complexity...
EUVD-2023-0882
Malicious code in bioql PyPI...