VYPR

libmojo-jwt-perl

by Debian

CVEs (1)

  • CVE-2026-9537Jul 18, 2026
    risk 0.00cvss epss

    Mojo::JWT versions before 1.02 for Perl verify HMAC signatures with a non-constant-time string comparison. The decode() method compares the supplied signature to the recomputed HMAC with Perl's eq operator, which stops at the first differing byte, so the comparison time varies…