exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

bind: "CVE-2022-29217"

exploitDog

bind: "CVE-2022-29217"

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 13

Количество 13

CVE-2022-29217

около 3 лет назад

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.

CVSS3: 7.4

EPSS: Низкий

CVE-2022-29217

около 3 лет назад

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.

CVSS3: 7.5

EPSS: Низкий

CVE-2022-29217

около 3 лет назад

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.

CVSS3: 7.4

EPSS: Низкий

CVE-2022-29217

около 3 лет назад

CVSS3: 7.5

EPSS: Низкий

CVE-2022-29217

около 3 лет назад

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple ...

CVSS3: 7.4

EPSS: Низкий

SUSE-SU-2023:0794-1

больше 2 лет назад

Security update for python-PyJWT

EPSS: Низкий

SUSE-SU-2022:3545-1

больше 2 лет назад

Security update for python-PyJWT

EPSS: Низкий

SUSE-SU-2022:2403-1

почти 3 года назад

Security update for python-PyJWT

EPSS: Низкий

SUSE-SU-2022:2402-1

почти 3 года назад

Security update for python-PyJWT

EPSS: Низкий

SUSE-SU-2022:2401-1

почти 3 года назад

Security update for python-PyJWT

EPSS: Низкий

GHSA-ffqj-6fqr-9h24

около 3 лет назад

Key confusion through non-blocklisted public key formats

CVSS3: 7.4

EPSS: Низкий

BDU:2023-07829

около 3 лет назад

Уязвимость реализации JWT в Python PyJWT, связанная с использованием криптографических алгоритмов, содержащих дефекты, позволяющая нарушителю оказать воздействие на целостность данных

CVSS3: 7.5

EPSS: Низкий

ROS-20240911-10

10 месяцев назад

Уязвимость python3-jwt

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	CVE-2022-29217 PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.	CVSS3: 7.4	0% Низкий	около 3 лет назад
	CVE-2022-29217 PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.	CVSS3: 7.5	0% Низкий	около 3 лет назад
	CVE-2022-29217 PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.	CVSS3: 7.4	0% Низкий	около 3 лет назад
	CVE-2022-29217	CVSS3: 7.5	0% Низкий	около 3 лет назад
	CVE-2022-29217 PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple ...	CVSS3: 7.4	0% Низкий	около 3 лет назад
	SUSE-SU-2023:0794-1 Security update for python-PyJWT		0% Низкий	больше 2 лет назад
	SUSE-SU-2022:3545-1 Security update for python-PyJWT		0% Низкий	больше 2 лет назад
	SUSE-SU-2022:2403-1 Security update for python-PyJWT		0% Низкий	почти 3 года назад
	SUSE-SU-2022:2402-1 Security update for python-PyJWT		0% Низкий	почти 3 года назад
	SUSE-SU-2022:2401-1 Security update for python-PyJWT		0% Низкий	почти 3 года назад
	GHSA-ffqj-6fqr-9h24 Key confusion through non-blocklisted public key formats	CVSS3: 7.4	0% Низкий	около 3 лет назад
	BDU:2023-07829 Уязвимость реализации JWT в Python PyJWT, связанная с использованием криптографических алгоритмов, содержащих дефекты, позволяющая нарушителю оказать воздействие на целостность данных	CVSS3: 7.5	0% Низкий	около 3 лет назад
	ROS-20240911-10 Уязвимость python3-jwt	CVSS3: 7.5	0% Низкий	10 месяцев назад

Уязвимостей на страницу