Количество 5
Количество 5
CVE-2024-37568
lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.)
CVE-2024-37568
lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.)
CVE-2024-37568
lepture Authlib before 1.3.1 has algorithm confusion with asymmetric p ...
SUSE-SU-2024:2064-1
Security update for python-Authlib
GHSA-5357-c2jx-v7qh
Authlib has algorithm confusion with asymmetric public keys
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-37568 lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.) | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
 | CVE-2024-37568 lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.) | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
| CVE-2024-37568 lepture Authlib before 1.3.1 has algorithm confusion with asymmetric p ... | CVSS3: 7.5 | 0% Низкий | больше 1 года назад |
 | SUSE-SU-2024:2064-1 Security update for python-Authlib | 0% Низкий | больше 1 года назад | |
| GHSA-5357-c2jx-v7qh Authlib has algorithm confusion with asymmetric public keys | CVSS3: 7.4 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу