PT-2017-9074 · Python · Python-Jose

Michael Davis

Publicado

2017-01-23

Atualizado

2022-05-17

CVE-2016-7036

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions python-jose versions prior to 1.3.2

Description The issue allows attackers to have an unspecified impact by leveraging the failure to use a constant time comparison for HMAC keys.

Recommendations For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

CVE-2016-7036

GHSA-W799-PRG3-CX77

PYSEC-2017-28

Python-Jose