exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

bind: "CVE-2022-29217"

exploitDog

bind: "CVE-2022-29217"

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 13

Количество 13

CVE-2022-29217

почти 4 года назад

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.

CVSS3: 7.4

EPSS: Низкий

CVE-2022-29217

почти 4 года назад

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.

CVSS3: 7.5

EPSS: Низкий

CVE-2022-29217

почти 4 года назад

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.

CVSS3: 7.4

EPSS: Низкий

CVE-2022-29217

почти 4 года назад

Key confusion through non-blocklisted public key formats in PyJWT

CVSS3: 7.5

EPSS: Низкий

CVE-2022-29217

почти 4 года назад

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple ...

CVSS3: 7.4

EPSS: Низкий

SUSE-SU-2023:0794-1

около 3 лет назад

Security update for python-PyJWT

EPSS: Низкий

SUSE-SU-2022:3545-1

больше 3 лет назад

Security update for python-PyJWT

EPSS: Низкий

SUSE-SU-2022:2403-1

больше 3 лет назад

Security update for python-PyJWT

EPSS: Низкий

SUSE-SU-2022:2402-1

больше 3 лет назад

Security update for python-PyJWT

EPSS: Низкий

SUSE-SU-2022:2401-1

больше 3 лет назад

Security update for python-PyJWT

EPSS: Низкий

GHSA-ffqj-6fqr-9h24

почти 4 года назад

Key confusion through non-blocklisted public key formats

CVSS3: 7.4

EPSS: Низкий

BDU:2023-07829

почти 4 года назад

Уязвимость реализации JWT в Python PyJWT, связанная с использованием криптографических алгоритмов, содержащих дефекты, позволяющая нарушителю оказать воздействие на целостность данных

CVSS3: 7.5

EPSS: Низкий

ROS-20240911-10

больше 1 года назад

Уязвимость python3-jwt

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	CVE-2022-29217 PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.	CVSS3: 7.4	0% Низкий	почти 4 года назад
	CVE-2022-29217 PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.	CVSS3: 7.5	0% Низкий	почти 4 года назад
	CVE-2022-29217 PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.	CVSS3: 7.4	0% Низкий	почти 4 года назад
	CVE-2022-29217 Key confusion through non-blocklisted public key formats in PyJWT	CVSS3: 7.5	0% Низкий	почти 4 года назад
	CVE-2022-29217 PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple ...	CVSS3: 7.4	0% Низкий	почти 4 года назад
	SUSE-SU-2023:0794-1 Security update for python-PyJWT		0% Низкий	около 3 лет назад
	SUSE-SU-2022:3545-1 Security update for python-PyJWT		0% Низкий	больше 3 лет назад
	SUSE-SU-2022:2403-1 Security update for python-PyJWT		0% Низкий	больше 3 лет назад
	SUSE-SU-2022:2402-1 Security update for python-PyJWT		0% Низкий	больше 3 лет назад
	SUSE-SU-2022:2401-1 Security update for python-PyJWT		0% Низкий	больше 3 лет назад
	GHSA-ffqj-6fqr-9h24 Key confusion through non-blocklisted public key formats	CVSS3: 7.4	0% Низкий	почти 4 года назад
	BDU:2023-07829 Уязвимость реализации JWT в Python PyJWT, связанная с использованием криптографических алгоритмов, содержащих дефекты, позволяющая нарушителю оказать воздействие на целостность данных	CVSS3: 7.5	0% Низкий	почти 4 года назад
	ROS-20240911-10 Уязвимость python3-jwt	CVSS3: 7.5	0% Низкий	больше 1 года назад

Уязвимостей на страницу