Vulnerability Information
Vulnerability Title
h3 has an observable timing discrepancy in basic auth utils
Vulnerability Description
H3 is a minimal H(TTP) framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison (!==). This allows an attacker to deduce the valid password character-by-character by measuring the server's response time, effectively bypassing password complexity protections. This issue is fixed in version 2.0.1-rc.9.
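The comparison issue described above, shown as an added example rather than h3's own code: a model of an early-exit comparison beside a constant-time one, and a Basic auth check built on the latter. The function names `earlyExitCompare`, `constantTimeCompare` and `checkBasicAuth` and the sample credentials are assumptions made for illustration.

```javascript
// Added example, not h3's code. All function names are illustrative.
const enc = new TextEncoder();

// Model of an early-exit comparison such as `!==` on equal-length strings:
// `inspected` is the work done, which grows with the matching prefix.
function earlyExitCompare(supplied, expected) {
  const a = enc.encode(supplied), b = enc.encode(expected);
  if (a.length !== b.length) return { equal: false, inspected: 0 };
  for (let i = 0; i < a.length; i++) {
    if (a[i] !== b[i]) return { equal: false, inspected: i + 1 };
  }
  return { equal: true, inspected: a.length };
}

// Hardened form: every byte position is visited and differences are OR-ed
// into one accumulator, so the work does not depend on where they differ.
// (The loop length can still reveal the secret's length; on Node.js,
// crypto.timingSafeEqual over fixed-size digests of both values avoids that.)
function constantTimeCompare(supplied, expected) {
  const a = enc.encode(supplied), b = enc.encode(expected);
  const len = Math.max(a.length, b.length);
  let diff = a.length ^ b.length;
  for (let i = 0; i < len; i++) diff |= (a[i] ?? 0) ^ (b[i] ?? 0);
  return { equal: diff === 0, inspected: len };
}

// Basic auth check built on the hardened comparison.
function checkBasicAuth(header, expectedUser, expectedPass) {
  const [scheme, token] = String(header ?? "").split(" ");
  if (scheme !== "Basic" || !token) return false;
  let decoded;
  try {
    decoded = new TextDecoder().decode(Uint8Array.from(atob(token), (c) => c.charCodeAt(0)));
  } catch {
    return false;
  }
  const sep = decoded.indexOf(":");
  if (sep < 0) return false;
  // Evaluate both fields before combining so neither comparison is skipped.
  const userOk = constantTimeCompare(decoded.slice(0, sep), expectedUser).equal;
  const passOk = constantTimeCompare(decoded.slice(sep + 1), expectedPass).equal;
  return userOk && passOk;
}

// Constructed sample: wrong guesses sharing 0, 1 and 5 leading bytes with "secret".
const guesses = ["xxxxxx", "sxxxxx", "secrex"];
console.log(guesses.map((g) => earlyExitCompare(g, "secret").inspected));    // [1, 2, 6]
console.log(guesses.map((g) => constantTimeCompare(g, "secret").inspected)); // [6, 6, 6]
```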
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Information exposure through timing discrepancy
Vulnerability Title
H3 security vulnerability
Vulnerability Description
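H3 is an open-source HTTP framework from H3. H3 versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a security vulnerability that stems from the requireBasicAuth function using unsafe string comparison, which may lead to a timing side-channel attack.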
CVSS Information
N/A
Vulnerability Type
N/A