Download
| Alert*
oval:org.secpod.oval:def:109230
python-jwt is installed oval:org.secpod.oval:def:602151 python-jwt is installed oval:org.secpod.oval:def:602147 Tim McLean discovered that pyjwt, a Python implementation of JSON Web Token, would try to verify an HMAC signature using an RSA or ECDSA public key as secret. This could allow remote attackers to trick applications expecting tokens signed with asymmetric keys, into accepting arbitrary tokens. For mo ... oval:org.secpod.oval:def:109229 A Python implementation of JSON Web Token draft 01. This library provides a means of representing signed content using JSON data structures, including claims to be transferred between two parties encoded as digitally signed and encrypted JSON objects. oval:org.secpod.oval:def:109234 A Python implementation of JSON Web Token draft 01. This library provides a means of representing signed content using JSON data structures, including claims to be transferred between two parties encoded as digitally signed and encrypted JSON objects. oval:org.secpod.oval:def:19500138 A vulnerability was found in python-jwt. This issue happens when PyJWT supports multiple different JWT signing algorithms. This flaw allows an attacker submitting the JWT token to choose the used signing algorithm, leading to key confusion through non-blocklisted public key formats oval:org.secpod.oval:def:122357 A Python implementation of JSON Web Token draft 01. This library provides a means of representing signed content using JSON data structures, including claims to be transferred between two parties encoded as digitally signed and encrypted JSON objects. oval:org.secpod.oval:def:122407 A Python implementation of JSON Web Token draft 01. This library provides a means of representing signed content using JSON data structures, including claims to be transferred between two parties encoded as digitally signed and encrypted JSON objects. oval:org.secpod.oval:def:41841 pyjwt: Python implementation of JSON Web Token PyJWT could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:603106 It was discovered that PyJWT, a Python implementation of JSON Web Token performed insufficient validation of some public key types, which could allow a remote attacker to craft JWTs from scratch. oval:org.secpod.oval:def:113551 A Python implementation of JSON Web Token draft 01. This library provides a means of representing signed content using JSON data structures, including claims to be transferred between two parties encoded as digitally signed and encrypted JSON objects. oval:org.secpod.oval:def:53137 It was discovered that PyJWT, a Python implementation of JSON Web Token performed insufficient validation of some public key types, which could allow a remote attacker to craft JWTs from scratch. oval:org.secpod.oval:def:113250 A Python implementation of JSON Web Token draft 01. This library provides a means of representing signed content using JSON data structures, including claims to be transferred between two parties encoded as digitally signed and encrypted JSON objects. oval:org.secpod.oval:def:51529 pyjwt: Python implementation of JSON Web Token PyJWT could be made to crash if it received specially crafted input. |