273 matches found
SUSE-SU-2021:2010-1 Security update for python-PyJWT
This update for python-PyJWT fixes the following issues: python-JWT was updated to 1.5.3 (bsc1186173). Update to version 1.5.3: Changed: Increase required version of the cryptography package to =1.4.0. Fixed: Remove uses of deprecated functions from the cryptography package. Warn about missing...
SUSE: Security Advisory (SUSE-SU-2017:3370-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-3407-1)
The remote host is missing an update for the...
REST API Penetration Testing: Astra
REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early in the development cycle. Astra can automatically...
openSUSE Security Update : python-PyJWT (openSUSE-2017-1408)
This update for python-PyJWT fixes the following issues: CVE-2017-12880: fix symmetric/asymmetric confusion when handling PKCS1 public keys (bsc1054106). This update was imported from the SUSE:SLE-12-SP1:Update update project.
openSUSE Security Update : python3-PyJWT (openSUSE-2017-1178)
This update for python3-PyJWT fixes the following vulnerability: CVE-2017-11424: Insufficient filtering of PEM encoding public keys allowed for creation of JWTs from scratch (boo1054106, with duplicate CVE-2017-12880).
Unspecified vulnerability in pyjwt
Python is an open-source, object-oriented programming language from the Python Software Foundation. PyJWT is a JSON Web Token implementation in Python developed by software developer Jose Padilla. A security vulnerability exists in PyJWT 1.5.0 and earlier versions. An attacker can exploit thi...
Debian DSA-3979-1 : pyjwt - security update
It was discovered that PyJWT, a Python implementation of JSON Web Token, performed insufficient validation of some public key types, which could allow a remote attacker to craft JWTs from scratch.
[SECURITY] [DSA 3979-1] pyjwt security update
Debian Security Advisory DSA-3979-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 19, 2017 https://www.debian.org/security/faq ...
DSA-3979-1 pyjwt - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3979-1)
The remote host is missing an update for the Debian...
Ubuntu 16.04 LTS : PyJWT vulnerability (USN-3407-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3407-1 advisory. It was discovered that a vulnerability in PyJWT doesn't check invalid_strings properly for some public keys. A remote attacker could take advantage of a key...
USN-3407-1: PyJWT vulnerability
It was discovered that a vulnerability in PyJWT doesn't check invalid_strings properly for some public keys. A remote attacker could take advantage of a key confusion to craft JWTs from scratch...
USN-3407-1 pyjwt vulnerability
It was discovered that a vulnerability in PyJWT doesn't check invalid_strings properly for some public keys. A remote attacker could take advantage of a key confusion to craft JWTs from scratch...
CVE-2017-11424
In PyJWT 1.5.0 and below the invalid_strings check in HMACAlgorithm.prepare_key does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...
PYSEC-2017-24
In PyJWT 1.5.0 and below the invalid_strings check in HMACAlgorithm.prepare_key does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...
Type confusion
In PyJWT 1.5.0 and below the invalid_strings check in HMACAlgorithm.prepare_key does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...
DEBIAN-CVE-2017-11424
In PyJWT 1.5.0 and below the invalid_strings check in HMACAlgorithm.prepare_key does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...
CVE-2017-11424
In PyJWT 1.5.0 and below the invalid_strings check in HMACAlgorithm.prepare_key does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...
CVE-2017-11424
In PyJWT 1.5.0 and below the invalid_strings check in HMACAlgorithm.prepare_key does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...