CVE-2016-7036

Critical

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.

redhat·CWE-361·Published 2017-01-23

CVSS

9.8

EPSS

0.02

KEV

Exploits

cve.orgen

139 chars

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.

NVDen

139 chars

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.

OSV.deven

139 chars

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.

GHSAen

139 chars

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.

NVDes

194 chars

python-jose en versiones anteriores a 1.3.2 permite a atacantes remotos tener un impacto no especificado aprovechando un fallo para utilizar una comparación de tiempo constante para teclas HMAC.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.0	Primary	NVD	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H