Homepage

twilio@3.4.4 vulnerabilities

Twilio API client and TwiML generator

  • latest version

    9.6.1

  • latest non vulnerable version

    9.6.1

  • first published

    15 years ago

  • latest version published

    3 days ago

  • licenses detected

  • View twilio package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the twilio package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Timing Attack

    twilio is a Twilio API client and TwiML generator.

    Affected versions of this package are vulnerable to Timing Attacks. twilio.util.RequestValidator uses == to compare signatures, and this operation is designed to return a value as quickly as possible, meaning the signature check will take a variable amount of time based on how "correct" the submitted signature is. An attacker can use this timing information to determine the correct signature, one character at a time.

    [3.0.0,3.5.0)
    Go back to all versions of this package