High severity · NVD Advisory · Published Jun 6, 2021 · Updated Aug 4, 2024
CVE-2021-33880
Description
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| websockets (PyPI) | < 9.1 | 9.1 |
Affected products
- aaugustin/websockets library for Python (source: description)
References
- github.com/advisories/GHSA-8ch4-58qp-g3mp (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2021-33880 (GHSA, advisory)
- github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0 (GHSA, web)
- github.com/pypa/advisory-database/tree/main/vulns/websockets/PYSEC-2021-95.yaml (GHSA, web)
- www.oracle.com/security-alerts/cpuapr2022.html (GHSA, web)
- www.oracle.com/security-alerts/cpujan2022.html (GHSA, web)