Observable Timing Discrepancy
The aaugustin websockets library for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled. An attacker may be able to guess a password via a timing attack.
The aaugustin websockets library for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled. An attacker may be able to guess a password via a timing attack.
websockets improperly handles highly compressed data in Servers and clients unless configured with compression=None. This vulnerability can result in a Denial of Service by memory exhaustion.