Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/03/20 9:41 a.m.22 views

CVE-2026-33129 h3 has an observable timing discrepancy in basic auth utils

H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...

5.9CVSS0.00319EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.7 views

H3 安全漏洞

H3 is an open-source HTTP framework developed by H3. Versions of H3 from 2.0.1-beta.0 to 2.0.0-rc.8 contain security vulnerabilities. These vulnerabilities stem from the use of insecure string comparisons in the requireBasicAuth function, which may lead to timing side-channel attacks...

5.9CVSS5.8AI score0.00319EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/18 4:17 p.m.3 views

Timing Attack

Overview org.webjars.npm:h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Timing Attack via the requireBasicAuth function. An attacker can recover valid authentication credentials by measuring response times and deducin...

8.2CVSS5.8AI score0.00319EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/18 4:17 p.m.5 views

Timing Attack

Overview h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Timing Attack via the requireBasicAuth function. An attacker can recover valid authentication credentials by measuring response times and deducing password...

8.2CVSS5.8AI score0.00319EPSS
Exploits1References2
Rows per page
Query Builder