CVE-2016-7036

NONE EPSS 79.4%
Published Jan 23, 20179y ago · Modified Jun 17, 20262w ago
Find Similar
Published Jan 23, 2017 9y ago
Last Modified Jun 17, 2026 2w ago

Description

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.

Threat Intelligence

EPSS Exploit Probability
79.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-361

Affected Products 1

VendorProductVersionRange
python-jose_projectpython-jose* ≤1.3.1

References 3

  • securityfocus.com http://www.securityfocus.com/bid/95845
  • github.com https://github.com/mpdavis/python-jose/pull/35/commits/89b46353b9f611e9da38de3d2fedf52331167b93
    Issue TrackingPatchThird Party Advisory
  • github.com https://github.com/mpdavis/python-jose/releases/tag/1.3.2
    Issue TrackingPatchThird Party Advisory

Remediation

  • github.com https://github.com/mpdavis/python-jose/pull/35/commits/89b46353b9f611e9da38de3d2fedf52331167b93
    Issue TrackingPatchThird Party Advisory
  • github.com https://github.com/mpdavis/python-jose/releases/tag/1.3.2
    Issue TrackingPatchThird Party Advisory