Shrine
Monthly
In Shrine before version 3.3.0, when using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
In Shrine before version 3.3.0, when using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.