12 matches found
EUVD-2024-0546
Malicious code in bioql PyPI...
CVE-2024-21491
Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of th...
GHSA-747X-5M58-MQ97 svix vulnerable to Authentication Bypass
Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of th...
svix vulnerable to Authentication Bypass
Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of th...
CVE-2024-21491
Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of th...
Authentication flaw
Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of th...
CVE-2024-21491
Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of th...
CVE-2024-21491
SVIX before version 1.17.0 is affected by an authentication bypass vulnerability in the Webhook verification logic. The root cause is an incorrect comparison of signatures of different lengths in the verify function, allowing an attacker to bypass signature verification by supplying a shorter sig...
svix Security Vulnerabilities
svix is an enterprise Webhook service. svix versions prior to 1.17.0 are vulnerable to an authentication bypass attack, which an attacker can exploit to bypass signature verification by providing a shorter signature that matches the...
Duplicate Advisory: Svix vulnerable to improper comparison of different-length signatures
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-747x-5m58-mq97. This link is maintained to preserve external references. Original Description: The Webhook::verify function incorrectly compared signatures of different lengths - the two signatures would only be...
GHSA-W277-WPQF-RCFV Duplicate Advisory: Svix vulnerable to improper comparison of different-length signatures
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-747x-5m58-mq97. This link is maintained to preserve external references. Original Description: The Webhook::verify function incorrectly compared signatures of different lengths - the two signatures would only be...
PT-2024-18907 · Svix · Svix
Name of the Vulnerable Software and Affected Versions: svix versions prior to 1.17.0. Description: The issue arises from an incorrect comparison of signatures of different lengths in the verify function, allowing an attacker to bypass signature verification by providing a shorter signature that...