Query PR
github/codeql#8686
Language
Java
CVE(s) ID list
CVE-2021-38153
CVE-2021-31404
CWE
CWE-208
Report
A constant-time algorithm should be used for checking the value of info. In other words, the comparison time should not depend on the content of the input. Otherwise, an attacker may be able to implement a timing attack that may reveal the value of sensitive info.
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
Blog post link
No response
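The pattern the report describes, shown as an added Java example (not code from the submission or from the CodeQL query): an HMAC tag check written with an early-exit comparison next to the same check using `MessageDigest.isEqual`. The class name, key and message are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class TagCheck {
    // Constructed demo key; a real key would come from a key store.
    private static final byte[] KEY =
            "demo-key-not-for-production".getBytes(StandardCharsets.UTF_8);

    static byte[] hmac(byte[] message) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(message);
    }

    // Timing-dependent: Arrays.equals may return at the first differing
    // byte, so the running time depends on how much of the tag matches.
    static boolean verifyUnsafe(byte[] message, byte[] receivedTag) throws Exception {
        return Arrays.equals(hmac(message), receivedTag);
    }

    // Constant-time: MessageDigest.isEqual examines every byte, so the
    // running time does not depend on the contents of either array.
    static boolean verifySafe(byte[] message, byte[] receivedTag) throws Exception {
        return MessageDigest.isEqual(hmac(message), receivedTag);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample message and tags.
        byte[] msg = "amount=100&to=alice".getBytes(StandardCharsets.UTF_8);
        byte[] good = hmac(msg);
        byte[] bad = good.clone();
        bad[0] ^= 0x01; // flip one bit of the first byte

        // Both methods return the same results; only the timing behaviour differs.
        System.out.println("unsafe, valid tag:  " + verifyUnsafe(msg, good));
        System.out.println("unsafe, forged tag: " + verifyUnsafe(msg, bad));
        System.out.println("safe, valid tag:    " + verifySafe(msg, good));
        System.out.println("safe, forged tag:   " + verifySafe(msg, bad));
    }
}
```

The same substitution applies when the secret is a `String`: convert both sides to bytes and compare with `MessageDigest.isEqual` instead of `String.equals`.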