CVE-2023-40021 — Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator (`==`), which is not safe against timing attacks. By repe — CVE Database · The Intelligence Room