PYSEC-2017-28

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/python-jose/PYSEC-2017-28.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2017-28
Aliases
Published
2017-01-23T21:59:00Z
Modified
2023-11-08T03:58:34.199367Z
Summary
[none]
Details

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.

References

Affected packages

PyPI / python-jose

Package

Name
python-jose
View open source insights on deps.dev
Purl
pkg:pypi/python-jose

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.2

Affected versions

0.*

0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.2.0
0.3.0
0.4.0
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.6.1
0.6.2
0.7.0

1.*

1.0.0
1.1.0
1.2.0
1.3.0
1.3.1

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/python-jose/PYSEC-2017-28.yaml"