In PyJWT 1.5.0 and below the invalid_strings
check in HMACAlgorithm.prepare_key
does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY-----
which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 8.0 | |
debian_linux | eq | 9.0 | |
pyjwt | le | 1.5.0 |