136 matches found
UBUNTU-CVE-2024-33663
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
CVE-2024-33663
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
CVE-2024-33663
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
CVE-2024-33663
CVE-2024-33663 concerns python-jose up to version 3.3.0, where an algorithm confusion occurs between OpenSSH ECDSA keys and other key formats. The issue, described across multiple feeds (CNNVD, Debian tracker, CVE lists), is analogous to CVE-2022-29217 and is framed as a key-format/algorithm conf...
CVE-2024-33663
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
PT-2024-4195 · Unknown +2 · Python-Jose +2
Name of the Vulnerable Software and Affected Versions: python-jose versions 3.3.0 and earlier Description: The issue is related to algorithm confusion with OpenSSH ECDSA keys and other key formats in the python-jose component. It is associated with the definition of a prefix blacklist for OpenSSH...
CVE-2024-33663
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
JSON Web Token (JWT) Algorithm Confusion
fast-jwt is vulnerable to JWT Algorithm Confusion. The vulnerability is caused by a missing validation on publicKeyPemMatcher constant defined in fast-jwt/src/crypto.js which is used to match all common PEM formats for public keys. An attacker can craft a malicious JWT token utilizing the HS256...
JWT Algorithm Confusion
Summary The fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. Details The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. To exploit this vulnerability, an attacker needs to craft a...
GHSA-C2FF-88X2-X9PG JWT Algorithm Confusion
Summary The fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. Details The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. To exploit this vulnerability, an attacker needs to craft a...
CVE-2023-48223
fast-jwt provides fast JSON Web Token JWT implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. ...
Type confusion
fast-jwt provides fast JSON Web Token JWT implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. ...
CVE-2023-48223 fast-jwt JWT Algorithm Confusion
fast-jwt provides fast JSON Web Token JWT implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. ...
CVE-2023-48223 fast-jwt JWT Algorithm Confusion
fast-jwt provides fast JSON Web Token JWT implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. ...
CVE-2023-48223
fast-jwt prior to v3.3.2 contains a publicKeyPemMatcher bug that fails to cover all PEM formats for public keys, enabling an algorithm-confusion attack (HS256 signed with an RSA public key) when RS256 is used and the verifier does not explicitly specify an algorithm. A patch in v3.3.2 fixes this ...
PT-2023-30740
Name of the Vulnerable Software and Affected Versions fast-jwt versions prior to 3.3.2 Description The fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats...
GHSA-4XW9-CX39-R355 json-web-token library is vulnerable to a JWT algorithm confusion attack
Summary The json-web-token library is vulnerable to a JWT algorithm confusion attack. Details On line 86 of the 'index.js' file, the algorithm to use for verifying the signature of the JWT token is taken from the JWT token, which at that point is still unverified and thus shouldn't be trusted. To...
json-web-token library is vulnerable to a JWT algorithm confusion attack
Summary The json-web-token library is vulnerable to a JWT algorithm confusion attack. Details On line 86 of the 'index.js' file, the algorithm to use for verifying the signature of the JWT token is taken from the JWT token, which at that point is still unverified and thus shouldn't be trusted. To...
CVE-2023-48238
joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens JWT which are a compact URL-safe means of representing claims to be transferred between two parties. Versions prior to 4.0.0 are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js'...
CVE-2023-48238
joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens JWT which are a compact URL-safe means of representing claims to be transferred between two parties. Versions prior to 4.0.0 are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js'...