Securely Verifying Signature Hashes
A friend of mine shared this link with me the other day, about CVE-2022-43412. The issue disclosed in that CVE is that Jenkins Generic Webhook Trigger Plugin was using a non-constant time comparison function when checking whether the provided and exp...
svix.hashnode.dev5 min read