273 matches found
USN-5526-2 pyjwt regression
USN-5526-1 fixed vulnerabilities in PyJWT. Unfortunately this caused a regression by incrementing the internal package version number on Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Aapo Oksman discovered that PyJWT incorrectly...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in PyJWT
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of PyJWT. Vulnerability Details CVEID:CVE-2022-29217 DESCRIPTION: PyJWT could allow a remote attacker to bypass security restrictions, caused by the key confusion through non-blocklisted public key formats. By...
Ubuntu: Security Advisory (USN-5526-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5526-1: PyJWT vulnerability
Aapo Oksman discovered that PyJWT incorrectly handled signatures constructed from SSH public keys. A remote attacker could use this to forge a JWT signature...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : PyJWT vulnerability (USN-5526-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5526-1 advisory. Aapo Oksman discovered that PyJWT incorrectly handled signatures constructed from SSH public keys. A remote attacker could use this to for...
SUSE SLED15 / SLES15 Security Update : python-PyJWT (SUSE-SU-2022:2402-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2402-1 advisory. - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an...
SUSE SLES15 Security Update : python-PyJWT (SUSE-SU-2022:2403-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2403-1 advisory. - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting t...
SUSE: Security Advisory (SUSE-SU-2022:2403-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:2402-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : python-PyJWT (SUSE-SU-2022:2401-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2401-1 advisory. - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting t...
SUSE: Security Advisory (SUSE-SU-2022:2401-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for python-PyJWT (SUSE-SU-2022:2402-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2022:2403-1 Security update for python-PyJWT
This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed key confusion through non-blocklisted public key format bsc1199756...
SUSE-SU-2022:2402-1 Security update for python-PyJWT
This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed key confusion through non-blocklisted public key format bsc1199756...
SUSE-SU-2022:2401-1 Security update for python-PyJWT
This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed key confusion through non-blocklisted public key format bsc1199756...
Mageia: Security Advisory (MGASA-2022-0244)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2022-0244 Updated python-pyjwt packages fix security vulnerability
An attacker submitting the JWT token can choose the used signing algorithm CVE-2022-29217...
Key confusion through non-blocklisted public key formats in PyJWT
...
Authentication Bypass
pyjwt is vulnerable to authentication bypass. The vulnerability exists because the library permits an attacker submitting a JWT token to choose which algorithms are used when signing in, enabling non-blocklisted, but weak public key formats to be supported in the authentication process allowing a...
00-merlin-hu-mcpdemo-pipy (>=0.1.0 <=0.1.1), 00-renjing-mcp-server-pypi (=0.1.0) +37574 more potentially affected by CVE-2022-29217 via pyjwt (>=1.5.0 <=2.3.0)
pyjwt PYPI version =1.5.0, =0.1.0, =0.1.0, =0.1.6, =0.1.2, =0.1.1, =0.1.0, =0.1.0, =0.6.1 and more Source cves: CVE-2022-29217 Source advisory: OSV:GHSA-FFQJ-6FQR-9H24...