CVE-2021-33880 in Websocketsproject and Oracle Products
Published on June 6, 2021

The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.

NVD

Products Associated with CVE-2021-33880

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-33880 are published in these products:

Websocketsproject Websockets

Oracle Communications Cloud Native Core Security Edge Protection Proxy

Oracle Communications Cloud Native Core Service Communication Proxy

Oracle Communications Cloud Native Core Unified Data Repository

Oracle Communications Cloud Native Core Policy

Exploit Probability

EPSS

0.19%

Percentile

41.08%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-33880 in Websocketsproject and Oracle ProductsPublished on June 6, 2021

Products Associated with CVE-2021-33880

Exploit Probability

CVE-2021-33880 in Websocketsproject and Oracle Products
Published on June 6, 2021