273 matches found

Github Security Blog
added 2024/12/02 6:34 p.m. · 20 views

PyJWT Issuer field partial matches allowed

Summary The wrong string if check is run for iss checking, resulting in "acb" being accepted for "abc". Details This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). diff - if isinstance(issuer, list): + if...

7.5 CVSS · 7 AI score · 0.00751 EPSS
Exploits 1 · References 5 · Affected Software 1
RedhatCVE
added 2024/12/02 5:51 p.m. · 6 views

CVE-2024-53861

pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). Since st...

2.2 CVSS · 6.6 AI score · 0.00751 EPSS
Exploits 1 · References 6
Chainguard
added 2024/11/29 7:15 p.m. · 17 views

CVE-2024-53861 vulnerabilities

Vulnerabilities for packages: barman, py3-pyjwt, az...

7.5 CVSS · 5.8 AI score · 0.00751 EPSS
Exploits 1
NVD
added 2024/11/29 7:15 p.m. · 9 views

CVE-2024-53861

pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). Since st...

7.5 CVSS · 0.00751 EPSS
Exploits 1 · References 3
Wolfi
added 2024/11/29 7:15 p.m. · 65 views

CVE-2024-53861 vulnerabilities

Vulnerabilities for packages: az, py3-pyjwt...

7.5 CVSS · 5.8 AI score · 0.00751 EPSS
Exploits 1
Snyk
added 2024/11/29 6:43 p.m. · 3 views

Incorrect Comparison

Overview Affected versions of this package are vulnerable to Incorrect Comparison due to an incorrect string comparison in the iss verification process. Remediation Upgrade pyjwt to version 2.10.1 or higher. References - GitHub Commit - Vulnerable Code...

7.5 CVSS · 7 AI score · 0.00751 EPSS
Exploits 1 · References 2
Cvelist
added 2024/11/29 6:43 p.m. · 18 views

CVE-2024-53861 Issuer field partial matches allowed in pyjwt

pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). Since st...

2.2 CVSS · 0.00751 EPSS
Exploits 1 · References 3
CVE
added 2024/11/29 6:43 p.m. · 294 views

CVE-2024-53861

CVE-2024-53861 (pyjwt) : A defect in pyjwt caused by changing the iss check from a list-inclusive approach to a Sequence-based isinstance check; since str is a Sequence, the code may incorrectly evaluate string containment and permit certain values (e.g., "abc" in "abcd"), effectively altering t...

7.5 CVSS · 4.1 AI score · 0.00751 EPSS
Exploits 1 · References 3 · Affected Software 1
Vulnrichment
added 2024/11/29 6:43 p.m. · 8 views

CVE-2024-53861 Issuer field partial matches allowed in pyjwt

pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). Since st...

2.2 CVSS · 6.8 AI score · 0.00751 EPSS
Exploits 1 · References 3
Snyk
added 2024/11/29 6:43 p.m. · 3 views

Incorrect Comparison

Overview PyJWT is a Python implementation of RFC 7519. Affected versions of this package are vulnerable to Incorrect Comparison due to an incorrect string comparison in the iss verification process. Remediation Upgrade PyJWT to version 2.10.1 or higher. References - GitHub Commit - Vulnerable Cod...

7.5 CVSS · 6.9 AI score · 0.00751 EPSS
Exploits 1 · References 2
Debian CVE
added 2024/11/29 6:43 p.m. · 13 views

CVE-2024-53861

pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). Since st...

7.5 CVSS · 4.6 AI score · 0.00751 EPSS
Exploits 1
OSV
added 2024/11/29 6:43 p.m. · 6 views

CVE-2024-53861 Issuer field partial matches allowed in pyjwt

pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstance(issuer, list) to isinstance(issuer, Sequence). Since st...

2.2 CVSS · 6.3 AI score · 0.00751 EPSS
Exploits 1 · References 5
CNNVD
added 2024/11/29 12:00 a.m. · 0 views

pyjwt security vulnerability

pyjwt is a Python library by the individual developer José Padilla in the United States. It allows encoding and decoding of JSON Web Tokens JWT. A security vulnerability exists in pyjwt version 2.10.0, which stems from an incorrect string comparison being run against the iss check, resulting in a...

7.5 CVSS · 6.5 AI score · 0.00751 EPSS
Exploits 1 · References 4
Positive Technologies
added 2024/11/29 12:00 a.m. · 3 views

PT-2024-35959

Name of the Vulnerable Software and Affected Versions: pyjwt versions 2.10.0 through 2.10.0 Description: An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0, where the "iss" claim checking changed from...

7.5 CVSS · 7 AI score · 0.00751 EPSS
Exploits 1 · References 16
Redos
added 2024/09/11 12:00 a.m. · 18 views

ROS-20240911-10

A vulnerability in the Python PyJWT implementation of JWT is related to the lack of locking of some public key formats. Exploitation of the vulnerability allows an attacker acting remotely to affect the data integrity...

7.5 CVSS · 6.7 AI score · 0.012 EPSS
Exploits 0
OSV
added 2024/06/15 12:00 a.m. · 4 views

OPENSUSE-SU-2024:12139-1 python310-PyJWT-2.4.0-1.1 on GA media

These are all security issues fixed in the python310-PyJWT-2.4.0-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS · 7.7 AI score · 0.012 EPSS
Exploits 0 · References 1
Github Security Blog
added 2024/02/09 5:04 p.m. · 16 views

commonground-api-common unexploitable privilege escalation in JWT authentication middleware

Impact This is a privilege escalation vulnerability. The impact is negligible and entirely theoretical. A non-exploitable weakness was found in how the client-supplied JWTs are verified. Because an explicit allow-list of known algorithms is used in the PyJWT library, user-supplied invalid...

7.3 AI score
Exploits 0 · References 3 · Affected Software 3
Positive Technologies
added 2024/02/09 12:00 a.m. · 3 views

PT-2024-40234 · Unknown +1 · Vng-Api-Common +1

Name of the Vulnerable Software and Affected Versions: vng-api-common versions prior to 1.12.2 Description: This issue is related to a privilege escalation vulnerability, although its impact is negligible and entirely theoretical. It involves the verification of client-supplied JSON Web Tokens JW...

7.4 AI score
Exploits 0 · References 3
BDU FSTEC
added 2023/11/14 12:00 a.m. · 3 views

The vulnerability of the JWT implementation in Python PyJWT, related to the use of cryptographic algorithms containing defects, allows attackers to compromise the integrity of the data.

The vulnerability of the JWT implementation in Python PyJWT is related to the absence of blocking for certain formats of the secret key. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the data...

7.8 CVSS · 7.2 AI score · 0.012 EPSS
Exploits 0 · References 6 · Affected Software 3
IBM Security Bulletins
added 2023/06/20 4:41 a.m. · 48 views

Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities

Summary IBM has addressed multiple vulnerabilities in IBM Spectrum Discover. Webpack loader-utils CVE-2022-37601 is vulnerable to execute arbitrary code on the system caused by a pollution flaw in parseQuery function. OpenStack Keystone CVE-2021-3563 is vulnerable to bypass security restriction...

9.8 CVSS · 9.6 AI score · 0.61979 EPSS
Exploits 26 · Affected Software 1