Today > vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-47178

Oct. 4, 2024, 1:51 p.m.

Tags

security-advisories@github.com
CWE-208
2024-09-30
CVE-2024-47178

Product(s) Impacted

basic-auth-connect

  • <1.1.0

Description

basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect < 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0.

Weaknesses

CWE-208
Observable Timing Discrepancy

Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

CWE ID: 208

Date

Published: Sept. 30, 2024, 4:15 p.m.

Last Modified: Oct. 4, 2024, 1:51 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

References

https://github.com/ security-advisories@github.com
https://github.com/ security-advisories@github.com