2 matches found
OESA-2024-2443 python-jwcrypto security update
Implements JWK, JWS, JWE specifications with python-cryptography Security Fixes: VUL-0: CVE-2022-3102: python-jwcrypto: jwcrypto token substitution can lead to authentication bypassCVE-2022-3102 JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6...
CVE-2022-3102
CVE-2022-3102 affects the jwcrypto library, where the JWT/JWE handling can allow token substitution that may lead to authentication or authorization bypass. The issue arises from jwcrypto’s ability to auto-detect token types (JWS vs JWE) and, under certain conditions, substitute a signed JWS with...