93 matches found
CVE-2025-61152
python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...
Linux Distros Unpatched Vulnerability : CVE-2025-61152
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craf...
SUSE CVE-2025-61152
python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...
CVE-2025-61152
python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...
CVE-2025-61152
python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...
DEBIAN-CVE-2025-61152
python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...
UBUNTU-CVE-2025-61152
python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...
CVE-2025-61152
Removed by vendor...
CVE-2025-61152
python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...
CVE-2025-61152
The vulnerability CVE-2025-61152 affects python-jose up to version 3.3.0. It allows JWT tokens signed with alg=none to be decoded and accepted without cryptographic signature verification, enabling a forged token with arbitrary claims (e.g., is_admin=true) and bypassing authentication in applicat...
CVE-2025-61152
python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...
PT-2025-41563
Name of the Vulnerable Software and Affected Versions python-jose versions through 3.3.0 Description The software accepts JWT tokens with 'alg=none' without cryptographic signature verification. This allows a malicious actor to create forged tokens with arbitrary claims, potentially bypassing...
EUVD-2017-0109
Malware in sbrugna...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in python-jose
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of python-jose. Vulnerability Details CVEID:CVE-2024-33664 DESCRIPTION: python-jose is vulnerable to a denial of service, caused by a flaw in the decode function. By sending a specially crafted JSON Web Encryption JWE token...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in python-jose
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of python-jose Vulnerability Details CVEID:CVE-2024-33663 DESCRIPTION: python-jose could allow a remote attacker to bypass security restrictions, caused by a flaw when the algorithm field is left unspecified when calling...
Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.4 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
python-jose: algorithm confusion with OpenSSH ECDSA keys and other key formats
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
openSUSE 15 Security Update : python-python-jose (openSUSE-SU-2024:0149-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0149-1 advisory. - CVE-2024-33664: Fixed a denial of service via decoding of a JSON Web Encryption token with a high compression ratio boo1223422 Tenable has extracted th...
openSUSE Security Advisory (openSUSE-SU-2024:0149-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPENSUSE-SU-2024:0149-1 Security update for python-python-jose
This update for python-python-jose fixes the following issues: - CVE-2024-33664: Fixed a denial of service via decoding of a JSON Web Encryption token with a high compression ratio boo1223422...