blob: 3992e0af09582457721c18e5b966fd906f5fd420 [file] [log] [blame]
packages:
- module: github.com/robbert229/jwt
symbols:
- Algorithm.validateSignature
versions:
- fixed: 0.0.0-20170426191122-ca1404ee6e83
description: |
Token validation methods are susceptible to a timing side-channel
during HMAC comparison. With a large enough number of requests
over a low latency connection, an attacker may use this to determine
the expected HMAC.
published: 2021-04-14T20:04:52Z
links:
commit: https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654
context:
- https://github.com/robbert229/jwt/issues/12