Description
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Mailster Cross-Site Scripting (1.5.4.0)
Magento CVE-2020-9631 Vulnerability (CVE-2020-9631)
WordPress Plugin Sticky Related Posts Cross-Site Scripting (1.0)
Sqlite NULL Pointer Dereference Vulnerability (CVE-2019-9937)
WordPress Plugin Accept Stripe Donation-AidWP Cross-Site Request Forgery (3.1.5)