Malcolm Fell jwt is vulnerable to timing attacks. The library does not compare hashes in constant time, which allows malicious users to use the timing of the request to progressively identify a valid hash.
CPE | Name | Operator | Version |
---|---|---|---|
emarref/jwt | le | 1.0.2 |