reports/GO-2020-0023.yaml - vulndb - Git at Google

 module: github.com/robbert229/jwt
 versions:
   - fixed: v0.0.0-20170426191122-ca1404ee6e83
 description: |
     Token validation methods are susceptible to a timing side-channel
     during HMAC comparison. With a large enough number of requests
     over a low latency connection, an attacker may use this to determine
     the expected HMAC.
 symbols:
   - Algorithm.validateSignature
 links:
     commit: https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654
     context:
       - https://github.com/robbert229/jwt/issues/12
	module: github.com/robbert229/jwt
	versions:
	- fixed: v0.0.0-20170426191122-ca1404ee6e83
	description: \|
	Token validation methods are susceptible to a timing side-channel
	during HMAC comparison. With a large enough number of requests
	over a low latency connection, an attacker may use this to determine
	the expected HMAC.
	symbols:
	- Algorithm.validateSignature
	links:
	commit: https://github.com/robbert229/jwt/commit/ca1404ee6e83fcbafb66b09ed0d543850a15b654
	context:
	- https://github.com/robbert229/jwt/issues/12