VYPR

crates.io package

httpsig

pkg:cargo/httpsig

Vulnerabilities (1)

  • CVE-2025-59058MedSep 12, 2025
    affected < 0.0.19fixed 0.0.19

    httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the attacker to forge a signa