3 matches found
com.datasqrl:sqrl-discovery (>=0.7.0 <=0.8.7), com.datasqrl:sqrl-planner (>=0.7.0 <=0.8.7) +20 more potentially affected by CVE-2025-59432 via com.ongres.scram:scram-common (>=3.0 <=3.1)
com.ongres.scram:scram-common MAVEN version =3.0, =0.7.0, =0.7.0, =0.7.0, =0.3.124, =0.3.124, =0.3.124, =0.3.124, =0.3.124, =0.3.124, =0.3.124, =0.3.124, =0.3.124, =1.0.0, =3.0, =2.4.0-RC1, =2.4.0-rc1 and more Source cves: CVE-2025-59432 Source advisory: SNYK:JAVA-COMONGRESSCRAM-12818392...
com.datasqrl:sqrl-discovery (>=0.7.0 <=0.8.7), com.datasqrl:sqrl-planner (>=0.7.0 <=0.8.7) +20 more potentially affected by CVE-2025-59432 via com.ongres.scram:scram-common (>=3.0 <=3.1)
com.ongres.scram:scram-common MAVEN version =3.0, =0.7.0, =0.7.0, =0.7.0, =0.3.124, =0.3.124, =0.3.124, =0.3.124, =0.3.124, =0.3.124, =0.3.124, =0.3.124, =0.3.124, =1.0.0, =3.0, =2.4.0-RC1, =2.4.0-rc1 and more Source cves: CVE-2025-59432 Source advisory: OSV:GHSA-3WFH-36RX-9537...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack via the verifyClientProof function which use Arrays.equals function. An attacker can infer sensitive authentication material by exploiting timing differences during the comparison of secret values. Remediation Upgrade...