Unknown · Httpsig-Rs · CVE-2025-59058
Name of the Vulnerable Software and Affected Versions:
httpsig-rs versions prior to 0.0.19
Description:
httpsig-rs is a Rust implementation of IETF RFC 9421 HTTP Message Signatures. In versions prior to 0.0.19, the HMAC signature comparison is not timing-safe, potentially allowing an attacker to forge a signature.
Recommendations:
Update to version 0.0.19 or later.
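
The class of bug in the description, shown as an added example (this is not code from httpsig-rs or from its fix): an early-exit tag comparison beside a constant-time one, in std-only Rust. The function names are hypothetical and the tags are constructed sample bytes, not real HMAC output.

```rust
use std::hint::black_box;

/// Non-timing-safe check: `==` on byte slices may stop at the first
/// differing byte, so run time can depend on how much of the tag matches.
fn verify_tag_leaky(expected: &[u8], received: &[u8]) -> bool {
    expected == received
}

/// Timing-safe check: every byte is examined and the differences are
/// OR-ed together, so the loop has no data-dependent exit.
fn verify_tag_ct(expected: &[u8], received: &[u8]) -> bool {
    // The tag length is public (fixed by the algorithm), so this may exit early.
    if expected.len() != received.len() {
        return false;
    }
    let mut diff: u8 = 0;
    for (a, b) in expected.iter().zip(received.iter()) {
        // black_box discourages the optimizer from reintroducing a short-circuit.
        diff |= black_box(a ^ b);
    }
    black_box(diff) == 0
}

/// Number of byte comparisons a first-mismatch loop performs. This is the
/// input-dependent work that makes the leaky variant's timing vary.
fn early_exit_steps(expected: &[u8], received: &[u8]) -> usize {
    let mut steps = 0;
    for (a, b) in expected.iter().zip(received.iter()) {
        steps += 1;
        if a != b {
            break;
        }
    }
    steps
}

fn main() {
    // Constructed 32-byte sample tags (hypothetical values).
    let expected = [0xABu8; 32];
    let mut early = expected;
    early[0] ^= 1; // differs in the first byte
    let mut late = expected;
    late[31] ^= 1; // differs in the last byte
    for (name, tag) in [("early", early), ("late", late), ("equal", expected)] {
        println!("{name}: leaky={} ct={} early-exit steps={}",
            verify_tag_leaky(&expected, &tag), verify_tag_ct(&expected, &tag),
            early_exit_steps(&expected, &tag));
    }
}
```

Both functions return the same verdict; only the amount of work per input differs. In production code, prefer a vetted constant-time primitive such as the `subtle` crate's `ConstantTimeEq` over a hand-written loop.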