fastapi-api-key@0.4.0 vulnerabilities

fastapi-api-key provides secure, production-ready API key management for FastAPI. It offers pluggable hashing strategies (Argon2 or bcrypt), backend-agnostic persistence (currently SQLAlchemy), and an optional cache layer (aiocache). Includes a Typer CLI and a FastAPI router for CRUD management of keys.

  • latest version: 1.1.0

  • latest non vulnerable version

  • first published: 3 months ago

  • latest version published: 10 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the fastapi-api-key package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Timing Attack

    fastapi-api-key is a package that provides secure, production-ready API key management for FastAPI. It offers pluggable hashing strategies (Argon2 or bcrypt), backend-agnostic persistence (currently SQLAlchemy), and an optional cache layer (aiocache). It includes a Typer CLI and a FastAPI router for CRUD management of keys.

    Affected versions of this package are vulnerable to Timing Attack via the verify_key function. An attacker can determine the validity of API keys by measuring response times and performing statistical analysis of the observed timing discrepancies. This can accelerate brute-force or enumeration attacks against the authentication mechanism.

    How to fix Timing Attack?

    Upgrade fastapi-api-key to version 1.1.0 or higher.

    Vulnerable version: [,1.1.0)