3 matches found
Security Bulletin: Authlib JOSE Denial of Service via Unbounded JWS or JWT Header and Signature Parsing, affects watsonx.data
Summary: Authlib versions before 1.6.5 are vulnerable to a denial-of-service attack in which oversized JWS/JWT headers or signatures consume excessive CPU and memory during parsing. The issue is fixed in 1.6.5; temporary mitigations include enforcing token size limits and request throttling. This can...
CVE-2025-61920 vulnerabilities
Vulnerabilities for packages: mlflow...
aad-fastapi-dl37 (>=1.0.0 <=1.0.2), agentiq (>=1.2.0a20250730 <=1.2.0rc4) +209 more potentially affected by CVE-2025-61920 via authlib (>=1.0.0 <=1.6.4)
authlib PYPI version =1.0.0, =1.0.0, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2025-61920 Source advisory:...