Download
| Alert*
oval:org.secpod.oval:def:602152
python3-jwt is installed oval:org.secpod.oval:def:602147 Tim McLean discovered that pyjwt, a Python implementation of JSON Web Token, would try to verify an HMAC signature using an RSA or ECDSA public key as secret. This could allow remote attackers to trick applications expecting tokens signed with asymmetric keys, into accepting arbitrary tokens. For mo ... oval:org.secpod.oval:def:41841 pyjwt: Python implementation of JSON Web Token PyJWT could be made to crash if it received specially crafted input. oval:org.secpod.oval:def:53137 It was discovered that PyJWT, a Python implementation of JSON Web Token performed insufficient validation of some public key types, which could allow a remote attacker to craft JWTs from scratch. oval:org.secpod.oval:def:603106 It was discovered that PyJWT, a Python implementation of JSON Web Token performed insufficient validation of some public key types, which could allow a remote attacker to craft JWTs from scratch. oval:org.secpod.oval:def:51529 pyjwt: Python implementation of JSON Web Token PyJWT could be made to crash if it received specially crafted input. |