Websockets Project - Websockets CVE

Filtered by vendor Websockets Project Subscribe

Filtered by product Websockets

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-33880	2 Oracle, Websockets Project	5 Communications Cloud Native Core Policy, Communications Cloud Native Core Security Edge Protection Proxy, Communications Cloud Native Core Service Communication Proxy and 2 more	2022-05-12	2.6 LOW	5.9 MEDIUM
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.

Vulnerabilities (CVE)