Go modules package
github.com/robbert229/jwt
pkg:golang/github.com/robbert229/jwt
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-10004 | — | < 0.0.0-20170426191122-ca1404ee6e83 | 0.0.0-20170426191122-ca1404ee6e83 | Dec 27, 2022 | Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC. |
- CVE-2015-10004Dec 27, 2022affected < 0.0.0-20170426191122-ca1404ee6e83fixed 0.0.0-20170426191122-ca1404ee6e83
Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC.