PT-2025-13421 · String::Compare::ConstantTime

Robert Rothenberg · Published 2025-03-28 · Updated 2025-04-11 · CVE-2024-13939

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

String::Compare::ConstantTime versions prior to 0.322

Description

The issue allows an attacker to guess the length of a secret string through timing attacks. According to the documentation, when the two strings differ in length the equals function returns false immediately, which may leak the size of the secret string.

Recommendations

For versions prior to 0.322, update to version 0.322 or later to resolve the issue. As a temporary workaround, consider implementing additional measures to prevent timing attacks, such as introducing random delays in string comparisons.
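The early return on a length mismatch described above, shown beside one length-independent alternative. This is an added example, not code from String::Compare::ConstantTime or its 0.322 fix: both inputs are reduced to fixed-size HMAC-SHA256 tags under a per-process random key, so the comparison always covers 32 bytes. The function names, the sample token and the use of /dev/urandom are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);

# Per-process random key (assumption: /dev/urandom is available).
my $KEY = do {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 32) == 32 or die "short read from urandom";
    $buf;
};

# Pattern described in the advisory: a length mismatch returns at once,
# so response time distinguishes "wrong length" from "right length".
sub leaky_equals {
    my ($secret, $guess) = @_;
    return 0 if length($secret) != length($guess);   # early exit leaks length
    my $diff = 0;
    $diff |= ord(substr($secret, $_, 1)) ^ ord(substr($guess, $_, 1))
        for 0 .. length($secret) - 1;
    return $diff == 0 ? 1 : 0;
}

# Length-independent variant: compare fixed-size tags, not the raw strings.
sub length_hiding_equals {
    my ($secret, $guess) = @_;
    my $x = hmac_sha256($secret, $KEY);    # always 32 bytes
    my $y = hmac_sha256($guess,  $KEY);    # always 32 bytes
    my $diff = 0;
    $diff |= $_ for unpack 'C*', $x ^ $y;  # string XOR, then OR every byte
    return $diff == 0 ? 1 : 0;
}

# Constructed sample values: wrong length, right length, exact match.
my $token = 'constructed-sample-token';
for my $guess ('short', 'x' x length($token), $token) {
    printf "%-26s leaky=%d hiding=%d\n", "'$guess'",
        leaky_equals($token, $guess), length_hiding_equals($token, $guess);
}
```

Hashing time still grows with input size in 64-byte blocks, and pure-Perl loops are not guaranteed constant-time; the example removes the length-equality shortcut only.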

Fix

Side Channel Attack

Weakness Enumeration

Related Identifiers

CVE-2024-13939

Affected Products

Debian
String::Compare::ConstantTime