NotCVE - vendor:"Python-jose Project" product:"Python-jose" version:" <= 1.3.1"

1 results (0.002 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-7036

https://notcve.org/view.php?id=CVE-2016-7036

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys. python-jose en versiones anteriores a 1.3.2 permite a atacantes remotos tener un impacto no especificado aprovechando un fallo para utilizar una comparación de tiempo constante para teclas HMAC. • http://www.securityfocus.com/bid/95845 https://github.com/mpdavis/python-jose/pull/35/commits/89b46353b9f611e9da38de3d2fedf52331167b93 https://github.com/mpdavis/python-jose/releases/tag/1.3.2 • CWE-361: 7PK - Time and State •