CRITICAL
Python Jose Project
CVE published 2017-01-23
CVE-2016-7036
CVE-2016-7036 is a critical vulnerability in python-jose affecting versions through 1.3.1. The issue is described as a failure to use a constant-time comparison for HMAC keys, which can create an information-leak or authentication weakness depending on how the library is used. NVD rates the issue CVSS 9.8, with network attackability, no privileges required, no user interaction, and high confidentiality, i [truncated]