
exploitDog


CVE-2025-45768

Published: 31 Jul 2025
Source: debian
EPSS: Low

Description

pyjwt v2.10.1 was discovered to contain weak encryption.

Packages

| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| pyjwt | unfixed | | | package |

Notes

  • disputed upstream

  • The "insufficient key length" seems to refer to the fact that pyjwt does not enforce that a key

  • Generating a key of insufficient length for the purpose you want to use it for is a user problem.

  • A library may not decide that my key length is insufficient, as it has no way to determine what the goal of my token is.

  • https://github.com/jpadilla/pyjwt/issues/1080

  • https://github.com/advisories/GHSA-xpf8-484v-j9w6

  • https://github.com/jpadilla/pyjwt/security/advisories/GHSA-72ff-rqxp-4hrh

EPSS

Percentile: 1%
0.00012
Low

Related vulnerabilities

CVSS3: 7
ubuntu
22 days ago

pyjwt v2.10.1 was discovered to contain weak encryption.

CVSS3: 5.6
redhat
23 days ago

pyjwt v2.10.1 was discovered to contain weak encryption.

CVSS3: 7
nvd
22 days ago

pyjwt v2.10.1 was discovered to contain weak encryption.

CVSS3: 7
github
22 days ago

pyjwt v2.10.1 was discovered to contain weak encryption.
