Critical severity 9.8 · NVD Advisory · Published Jan 23, 2017 · Updated Jun 17, 2026
CVE-2016-7036
Description
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.
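An added illustration of the bug class named in the description; it is not python-jose's code. It assumes the comparison at issue is between the HS256 MAC computed by the verifier and the MAC carried in the token, and all function names, the key and the token are constructed for the example.

```python
import base64
import hashlib
import hmac
import json


def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url as used in compact JWS."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def sign_hs256(payload: dict, key: bytes) -> str:
    """Build a compact HS256 token (only used to construct sample input)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    mac = hmac.new(key, f"{header}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(mac)}"


def verify_leaky(token: str, key: bytes) -> bool:
    """Weak pattern: == on bytes may return at the first differing byte,
    so response time depends on how much of the supplied MAC matched."""
    signing_input, _, sig = token.rpartition(".")
    expected = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return b64url_decode(sig) == expected


def verify_constant_time(token: str, key: bytes) -> bool:
    """Hardened pattern: hmac.compare_digest takes time independent of
    where the two MACs differ. Malformed tokens are rejected, not raised."""
    try:
        signing_input, _, sig = token.rpartition(".")
        header = json.loads(b64url_decode(signing_input.split(".")[0]))
        supplied = b64url_decode(sig)
        message = signing_input.encode("ascii")
    except ValueError:  # covers bad base64, bad JSON and non-ASCII input
        return False
    # Pin the algorithm the verifier expects instead of trusting the header.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(supplied, expected)
```

Both functions return the same answers; the difference is only in how long a rejection takes, which is why this class of bug does not show up in functional tests.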
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| python-jose (PyPI) | < 1.3.2 | 1.3.2 |
Affected products (2)
- cpe:2.3:a:python-jose_project:python-jose:*:*:*:*:*:*:*:* (Range: <=1.3.1)
References (8)
- github.com/mpdavis/python-jose/pull/35/commits/89b46353b9f611e9da38de3d2fedf52331167b93 (nvd: Issue Tracking, Patch, Third Party Advisory; WEB)
- github.com/mpdavis/python-jose/releases/tag/1.3.2 (nvd: Issue Tracking, Patch, Third Party Advisory; WEB)
- github.com/advisories/GHSA-w799-prg3-cx77 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-7036 (ghsa: ADVISORY)
- github.com/mpdavis/python-jose/commit/73007d6887a7517ac07c6e755e494baee49ef513 (ghsa: WEB)
- github.com/pypa/advisory-database/tree/main/vulns/python-jose/PYSEC-2017-28.yaml (ghsa: WEB)
- web.archive.org/web/20210123221523/http://www.securityfocus.com/bid/95845 (ghsa: WEB)
- www.securityfocus.com/bid/95845 (nvd)