blob: 34ba025cf94aad301d0cb889a049803bfea6acd0 [file] [log] [blame]
module: github.com/robbert229/jwt
versions:
- fixed: v0.0.0-20170426191122-ca1404ee6e83
description: |
Token validation methods are susceptible to a timing side-channel
during HMAC comparison. With a large enough number of requests
over a low latency connection, an attacker may use this to determine
the expected HMAC.
published: 2021-04-14T12:00:00Z
symbols:
- Algorithm.validateSignature
links:
commit: https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654
context:
- https://github.com/robbert229/jwt/issues/12