{"id":"PYSEC-2017-28","details":"python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.","aliases":["CVE-2016-7036","GHSA-w799-prg3-cx77"],"modified":"2023-11-08T03:58:34.199367Z","published":"2017-01-23T21:59:00Z","references":[{"type":"WEB","url":"https://github.com/mpdavis/python-jose/releases/tag/1.3.2"},{"type":"WEB","url":"https://github.com/mpdavis/python-jose/pull/35/commits/89b46353b9f611e9da38de3d2fedf52331167b93"},{"type":"WEB","url":"http://www.securityfocus.com/bid/95845"}],"affected":[{"package":{"name":"python-jose","ecosystem":"PyPI","purl":"pkg:pypi/python-jose"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.2"}]}],"versions":["0.1.0","0.1.1","0.1.2","0.1.3","0.1.4","0.1.5","0.1.6","0.1.7","0.1.8","0.2.0","0.3.0","0.4.0","0.5.0","0.5.1","0.5.2","0.5.3","0.5.4","0.5.5","0.5.6","0.6.1","0.6.2","0.7.0","1.0.0","1.1.0","1.2.0","1.3.0","1.3.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/python-jose/PYSEC-2017-28.yaml"}}],"schema_version":"1.7.3"}