MiracleLinux 8 : java-11-openjdk-11.0.11.0.9-0.el8 (AXSA:2021-1704:08)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1704:08 advisory. OpenJDK: Incomplete enforcement of JAR signing disabled algorithms 8249906 CVE-2021-2163 Tenable has extracted the preceding description block directly from...

MiracleLinux 8 : java-1.8.0-openjdk-1.8.0.292.b10-0.el8 (AXSA:2021-1703:07)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1703:07 advisory. OpenJDK: Incomplete enforcement of JAR signing disabled algorithms 8249906 CVE-2021-2163 Tenable has extracted the preceding description block directly from...

EUVD-2022-0213

Malicious code in bioql PyPI...

Imperva API Security: Authentication Risk Report—Key Findings & Fixes

An in-depth analysis of common JSON Web Token JWT mistakes, basic auth, long-lived tokens, and quick, high-impact fixes to secure your APIs . Introduction APIs are the backbone of modern digital services—from mobile apps and e-commerce to banking and IoT. That scale and utility also make them pri...

Security update for rekor

This update for rekor fixes the following issues: CVE-2023-45288: rekor: golang.org/x/net/http2: Fixed close connections when receiving too many headers bsc1236519 CVE-2024-6104: rekor: hashicorp/go-retryablehttp: Fixed sensitive information disclosure inside log file bsc1227053 CVE-2025-22868:...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-PyJWT (SUSE-SU-2023:0794-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0794-1 advisory. - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : PyJWT vulnerability (USN-5526-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5526-1 advisory. Aapo Oksman discovered that PyJWT incorrectly handled signatures constructed from SSH public keys. A remote attacker could use this to for...

CVE-2022-29217

A vulnerability was found in python-jwt. This issue happens when PyJWT supports multiple different JWT signing algorithms. This flaw allows an attacker submitting the JWT token to choose the used signing algorithm, leading to key confusion through non-blocklisted public key formats...

GHSA-FFQJ-6FQR-9H24 Key confusion through non-blocklisted public key formats

Impact What kind of vulnerability is it? Who is impacted? Disclosed by Aapo Oksman Senior Security Specialist, Nixu Corporation. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requir...

Key confusion through non-blocklisted public key formats

Impact What kind of vulnerability is it? Who is impacted? Disclosed by Aapo Oksman Senior Security Specialist, Nixu Corporation. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requir...

DEBIAN-CVE-2022-29217

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can...

PYSEC-2022-202

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can...

PYSEC-2022-202

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can...

CVE-2022-29217 Key confusion through non-blocklisted public key formats in PyJWT

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can...

CVE-2022-29217 Key confusion through non-blocklisted public key formats in PyJWT

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can...

OpenJDK: missing algorithm restrictions for jar verification (Libraries, 8155973)

It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for JAR integrity verification. This flaw could allow an attacker to modify content of the JAR file that used weak signing key or hash algorithm...