Lucene search
+L

22 matches found

CVE
CVE
added yesterday29 views

CVE-2026-49852

Summary: CVE-2026-49852 affects the Python library joserfc. Prior to version 1.6.8, joserfc.jwt.decode can accept attacker-forged HS256/HS384/HS512 tokens if the verification key is empty or None, enabling potential authentication bypass when the configured secret resolves to an empty string. The...

8.7CVSS5.3AI score
Exploits0References3
Snyk
Snyk
added 2026/07/02 7:12 p.m.5 views

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength in the verify process. An attacker can gain unauthorized access and forge arbitrary claims by submitting tokens signed with an empty or null key, which are incorrectly accepted as valid signatures. This is...

8.7CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.16 views

PT-2026-55459

Name of the Vulnerable Software and Affected Versions joserfc versions 1.6.7 and earlier Description An authentication bypass exists when the verification key provided to joserfc.jwt.decode is an empty string or None. This occurs because the HMACAlgorithm.verify and HMACAlgorithm.sign functions...

8.7CVSS6AI score
Exploits0References15
RedhatCVE
RedhatCVE
added 2026/06/18 5:1 p.m.11 views

CVE-2026-48990

A flaw was found in joserfc, a Python library for JSON Object Signing and Encryption JOSE. This vulnerability allows a remote attacker to cause resource exhaustion, leading to a Denial of Service DoS, by sending oversized JSON Web Signature JWS payloads. The library fails to apply size limits,...

5.3CVSS5.3AI score0.00163EPSS
Exploits0References5
OSV
OSV
added 2026/06/17 10:16 p.m.10 views

UBUNTU-CVE-2026-48990

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.maxpayloadlength, which can lead to resource exhaustion...

5.3CVSS5.8AI score0.00163EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 9:8 p.m.26 views

CVE-2026-48990 joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.maxpayloadlength, which can lead to resource exhaustion...

5.3CVSS0.00163EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/05 6:50 a.m.6 views

SUSE CVE-2026-27932

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

7.5CVSS5.8AI score0.00432EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2026/03/04 5:2 a.m.9 views

CVE-2026-27932

A flaw was found in joserfc, a Python library for JSON Object Signing and Encryption JOSE standards. An unauthenticated attacker can cause a Denial of Service DoS by exploiting a resource exhaustion vulnerability. This occurs when the library decrypts a JSON Web Encryption JWE token using...

7.5CVSS5.8AI score0.00432EPSS
Exploits2References2
NVD
NVD
added 2026/03/03 11:15 p.m.15 views

CVE-2026-27932

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

7.5CVSS0.00432EPSS
Exploits2References2
OSV
OSV
added 2026/03/03 11:15 p.m.7 views

UBUNTU-CVE-2026-27932

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

7.5CVSS5.8AI score0.00432EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/03/03 10:48 p.m.5 views

CVE-2026-27932

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

7.5CVSS6AI score0.00432EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/03 10:48 p.m.5 views

CVE-2026-27932 joserfc PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

7.5CVSS6AI score0.00432EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/03/03 10:48 p.m.29 views

CVE-2026-27932 joserfc PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

7.5CVSS0.00432EPSS
Exploits2References2
OSV
OSV
added 2026/03/03 10:48 p.m.5 views

CVE-2026-27932 joserfc PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

7.5CVSS5.9AI score0.00432EPSS
Exploits2References4
Debian CVE
Debian CVE
added 2026/03/03 10:48 p.m.20 views

CVE-2026-27932

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library...

7.5CVSS5.4AI score0.00432EPSS
Exploits2
OSV
OSV
added 2026/03/02 6:47 p.m.9 views

GHSA-W5R5-M38G-F9F9 joserfc's PBES2 p2c Unbounded Iteration Count enables Denial of Service (DoS)

Summary A resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service DoS via CPU exhaustion. When the library decrypts a JSON Web Encryption JWE token using Password-Based Encryption PBES2 algorithms, it reads the p2c PBES2 Count parameter directl...

7.5CVSS6AI score0.00432EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.4 views

PT-2026-22699

Name of the Vulnerable Software and Affected Versions joserfc versions 1.6.2 and earlier Description joserfc is a Python library implementing JSON Object Signing and Encryption JOSE standards. A resource exhaustion issue in joserfc can lead to a Denial of Service DoS through CPU exhaustion. When...

7.5CVSS5.9AI score0.00432EPSS
Exploits2References27
SUSE CVE
SUSE CVE
added 2025/11/20 12:22 a.m.6 views

SUSE CVE-2025-65015

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...

9.2CVSS6.6AI score0.00354EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/11/19 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-65015

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5...

9.2CVSS5.7AI score0.00354EPSS
Exploits1References2
OSV
OSV
added 2025/11/18 11:15 p.m.5 views

UBUNTU-CVE-2025-65015

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...

9.2CVSS5.7AI score0.00354EPSS
Exploits1References7
Rows per page
Query Builder