CVE-2015-10004

CVE-2015-10004 corresponds to a timing side-channel vulnerability in the token validation path of the github.com/robbert229/jwt library. The underlying issue is a flawed HMAC comparison that leaks timing information, enabling an attacker to infer the expected HMAC with a high likelihood under a h...