First published: Tue Feb 06 2024
The `Webhook::verify` function incorrectly compared signatures of different lengths - the two signatures would only be compared up to the length of the shorter signature. This allowed an attacker to pass in `v1,` as the signature, which would always pass verification.
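The truncated comparison described above, next to a length-checked one, as an added example that is not the svix crate's code. The function names are hypothetical, the expected signature is a constructed value, and the space-separated `version,signature` header layout and the comparison of encoded strings without base64 decoding are simplifying assumptions.

```rust
// Added illustration; not the svix crate's source. All names are hypothetical.

/// Flawed comparison: `zip` stops at the end of the shorter slice, so an
/// empty `provided` compares zero bytes and the result is `true`.
fn truncating_eq(provided: &[u8], expected: &[u8]) -> bool {
    provided
        .iter()
        .zip(expected.iter())
        .fold(0u8, |acc, (a, b)| acc | (a ^ b))
        == 0
}

/// Hardened comparison: reject a length mismatch first, then compare every
/// byte without an early exit.
fn full_length_eq(provided: &[u8], expected: &[u8]) -> bool {
    if provided.len() != expected.len() {
        return false;
    }
    // Lengths are equal here, so `zip` covers every byte of both slices.
    truncating_eq(provided, expected)
}

/// Checks a header of space-separated `version,signature` entries (assumed
/// layout) against the signature the receiver computed, using comparator `eq`.
fn header_matches(header: &str, expected: &str, eq: fn(&[u8], &[u8]) -> bool) -> bool {
    header.split(' ').any(|entry| match entry.split_once(',') {
        Some(("v1", sig)) => eq(sig.as_bytes(), expected.as_bytes()),
        _ => false,
    })
}

fn main() {
    // Constructed value standing in for the receiver's computed signature.
    let expected = "c2FtcGxlLXNpZ25hdHVyZQ==";
    for header in ["v1,c2FtcGxlLXNpZ25hdHVyZQ==", "v1,", "v1,c2Ft", "v1,AAAA"] {
        println!(
            "{:<30} truncating={} full_length={}",
            header,
            header_matches(header, expected, truncating_eq),
            header_matches(header, expected, full_length_eq)
        );
    }
}
```

The same truncation also accepts any non-empty prefix of the expected value, which is why the length check has to come before the byte comparison.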
| Affected Software | Affected Version | How to fix |
|---|---|---|
| rust/svix | <1.17.0 | 1.17.0 |