CVE-2016-7036
NONE EPSS 79.4%
Published Jan 23, 20179y ago · Modified Jun 17, 20262w ago
Published Jan 23, 2017 9y ago
Last Modified Jun 17, 2026 2w ago
Description
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.
Threat Intelligence
EPSS Exploit Probability
79.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-361
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| python-jose_project | python-jose | * | ≤1.3.1 |
References 3
- securityfocus.com http://www.securityfocus.com/bid/95845
- github.com https://github.com/mpdavis/python-jose/pull/35/commits/89b46353b9f611e9da38de3d2fedf52331167b93
- github.com https://github.com/mpdavis/python-jose/releases/tag/1.3.2
Remediation
- github.com https://github.com/mpdavis/python-jose/pull/35/commits/89b46353b9f611e9da38de3d2fedf52331167b93
- github.com https://github.com/mpdavis/python-jose/releases/tag/1.3.2