24 matches found
SUSE CVE-2026-33204
SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...
CVE-2026-33204
A flaw was found in SimpleJWT, a PHP library for JSON Web Tokens. An unauthenticated attacker can exploit this vulnerability by tampering with JSON Web Encryption (JWE) headers when PBES2 algorithms (password-based key wrapping, which derives the wrapping key with PBKDF2) are in use. This can lead to a Denial of Service (DoS) if an...
CVE-2026-33204
SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...
CVE-2026-33204
CVE-2026-33204 affects the PHP library SimpleJWT prior to v1.1.1. An unauthenticated attacker can trigger a Denial of Service by tampering with JWE headers when PBES2 algorithms are used, causing excessive PBKDF2 iterations during JWE::decrypt() on attacker-controlled JWEs. The issue is fixed in v1.1....
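The entries above describe the mechanism (an attacker-chosen PBKDF2 iteration count in the JWE header) but not the check a consumer of such tokens wants in front of decrypt. The following is an added example, not SimpleJWT's own code or its fix: it parses only the protected header of a compact JWE and rejects PBES2 parameters outside a policy range before any key derivation runs, then shows the RFC 7518 PBES2 derivation for an accepted header. The header names `alg`, `p2s` and `p2c` and the salt construction are from RFC 7518 section 4.8.1; the numeric limits, the function names and the sample tokens are assumptions constructed for this example.

```python
import base64
import hashlib
import json

# PBES2 algorithms registered in RFC 7518 section 4.8, with the PRF hash and
# the derived key-wrapping key length each one uses.
PBES2_ALGS = {
    "PBES2-HS256+A128KW": ("sha256", 16),
    "PBES2-HS384+A192KW": ("sha384", 24),
    "PBES2-HS512+A256KW": ("sha512", 32),
}

# Policy limits: assumptions chosen for this example.  RFC 7518 recommends at
# least 1000 iterations and an 8-octet salt but sets no upper bound, so the
# party decrypting attacker-supplied tokens has to impose one itself.
MIN_P2C = 1000
MAX_P2C = 1_000_000
MIN_P2S_BYTES = 8
MAX_P2S_BYTES = 64


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def protected_header(compact_jwe: str) -> dict:
    """Parse only the protected header of a compact-serialised JWE."""
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        raise ValueError("compact JWE must have five dot-separated parts")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    return header


def pbes2_reject_reason(header: dict):
    """None if the header may be decrypted, else a short reason string.
    Non-PBES2 algorithms pass through untouched.  Everything here runs
    before a single PBKDF2 round."""
    if header.get("alg") not in PBES2_ALGS:
        return None
    p2c = header.get("p2c")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(p2c, bool) or not isinstance(p2c, int):
        return "p2c missing or not an integer"
    if p2c < MIN_P2C:
        return f"p2c {p2c} below minimum {MIN_P2C}"
    if p2c > MAX_P2C:
        return f"p2c {p2c} above maximum {MAX_P2C}"
    p2s = header.get("p2s")
    if not isinstance(p2s, str):
        return "p2s missing or not a string"
    try:
        salt = b64url_decode(p2s)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "p2s is not valid base64url"
    if not MIN_P2S_BYTES <= len(salt) <= MAX_P2S_BYTES:
        return f"p2s length {len(salt)} outside [{MIN_P2S_BYTES}, {MAX_P2S_BYTES}]"
    return None


def safe_to_decrypt(compact_jwe: str) -> bool:
    return pbes2_reject_reason(protected_header(compact_jwe)) is None


def derive_pbes2_key(password: bytes, header: dict) -> bytes:
    """PBES2 derivation from RFC 7518 section 4.8.1.1, run only after the
    policy check.  The PBKDF2 salt is UTF8(alg) || 0x00 || p2s, not p2s alone."""
    reason = pbes2_reject_reason(header)
    if reason is not None:
        raise ValueError(reason)
    hash_name, key_len = PBES2_ALGS[header["alg"]]
    salt = header["alg"].encode("utf-8") + b"\x00" + b64url_decode(header["p2s"])
    return hashlib.pbkdf2_hmac(hash_name, password, salt, header["p2c"], dklen=key_len)


def build_test_jwe(header: dict) -> str:
    """Constructed input: encrypted key, IV, ciphertext and tag are dummies,
    because only the protected header is inspected by the pre-check."""
    dummy = b64url_encode(b"\x00" * 16)
    return ".".join([b64url_encode(json.dumps(header).encode()), dummy, dummy, dummy, dummy])


if __name__ == "__main__":
    p2s = b64url_encode(b"0123456789abcdef")  # constructed 16-byte salt input
    good = build_test_jwe({"alg": "PBES2-HS256+A128KW", "enc": "A128GCM", "p2s": p2s, "p2c": 100_000})
    hostile = build_test_jwe({"alg": "PBES2-HS256+A128KW", "enc": "A128GCM", "p2s": p2s, "p2c": 2**31 - 1})
    print("good header accepted:", safe_to_decrypt(good))        # True
    print("hostile header accepted:", safe_to_decrypt(hostile))  # False
    print("reason:", pbes2_reject_reason(protected_header(hostile)))
```

The check deliberately inspects the header without decrypting anything: the iteration count is read from attacker-controlled input, so the bound has to be applied before the KDF runs, and the same applies to the salt length, which sets the size of the per-iteration HMAC input.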
CVE-2026-33204 SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering
SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...
SimpleJWT resource management error vulnerability
SimpleJWT is a JSON Web Token library written in PHP by Kelvin Mo as a personal project. Versions of SimpleJWT prior to 1.1.1 contained a resource management vulnerability. This vulnerability arises from the use of the PBES2 algorithm, allowing unauthenticated attackers to perform denial-of-servi...
PT-2026-26212
Summary An unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are affected. Details PHP version: PHP 8.4.11 SimpleJWT version: v1.1.0 The relevant...
Security update for python-djangorestframework-simplejwt (moderate)
openSUSE Security Update: Security update for python-djangorestframework-simplejwt Announcement ID: openSUSE-SU-2025:0425-1 Rating: moderate References: 1221568 Cross-References: CVE-2024-22513 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now availabl...
OPENSUSE-SU-2025:15699-1 python311-djangorestframework-simplejwt-5.5.1-1.1 on GA media
These are all security issues fixed in the python311-djangorestframework-simplejwt-5.5.1-1.1 package on the GA media of openSUSE Tumbleweed...
Django REST Framework SimpleJWT 5.3.1 Information Disclosure
Exploit Title: djangorestframework-simplejwt 5.3.1 - Information Disclosure Date: 26/01/2024 Exploit Author: Dhrumil Mistry dmdhrumilmistry Vendor Homepage: https://github.com/jazzband/djangorestframework-simplejwt/ Software...
SUSE CVE-2024-22513
djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method...
CVE-2024-22513
A flaw was found in djangorestframework-simplejwt. Affected versions of this package are vulnerable to information disclosure. This flaw allows a user to access web application resources even after their account has been disabled due to missing user validation checks via the for_user method...
Improper Privilege Management in djangorestframework-simplejwt
djangorestframework-simplejwt before version 5.5.1 is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method...
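The entries above for CVE-2024-22513 name the missing check (account status around for_user-style issuance) but do not show why a disabled account keeps working with a stateless token. The following is an added example and is not djangorestframework-simplejwt's own code or its fix: a minimal HS256 issuer and verifier in which `for_user` refuses disabled accounts and `authenticate` reloads the account on every request, beside `verify_signature`, which shows the signature-only pattern that still accepts a token minted before the account was disabled. The user table, secret, token layout and all function names are constructed for this example.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"example-only-hmac-key"  # constructed; a real deployment loads this from config
TOKEN_LIFETIME = 300               # seconds; policy choice for the example

# Constructed user table standing in for the application's user model.
USERS = {
    "alice":   {"id": 1, "is_active": True},
    "mallory": {"id": 2, "is_active": True},
}


def _b64(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _dumps(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()


def for_user(username: str, now=None) -> str:
    """Issue an HS256 token for a user, refusing disabled or unknown accounts.
    First check: a login or refresh path must not hand a fresh token to a
    disabled account."""
    user = USERS.get(username)
    if user is None or not user["is_active"]:
        raise PermissionError(f"no token for unknown or inactive user {username!r}")
    now = int(time.time()) if now is None else now
    signing_input = _b64(_dumps({"alg": "HS256", "typ": "JWT"})) + "." + \
        _b64(_dumps({"sub": str(user["id"]), "iat": now, "exp": now + TOKEN_LIFETIME}))
    sig = hmac.new(SECRET, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)


def verify_signature(token: str, now=None) -> dict:
    """Signature and expiry only.  On its own this is the flawed pattern: a
    token minted before the account was disabled still passes until it expires."""
    try:
        h, c, s = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    expected = hmac.new(SECRET, f"{h}.{c}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(s)):
        raise ValueError("bad signature")
    if json.loads(_unb64(h)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    claims = json.loads(_unb64(c))
    now = int(time.time()) if now is None else now
    if isinstance(claims.get("exp"), bool) or not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise PermissionError("token expired or exp missing")
    return claims


def authenticate(token: str, now=None) -> dict:
    """Second check: after the stateless checks, load the account and require
    it to still be active.  The token cannot reflect a change made after issuance."""
    claims = verify_signature(token, now)
    user = next((u for u in USERS.values() if str(u["id"]) == claims.get("sub")), None)
    if user is None or not user["is_active"]:
        raise PermissionError("account disabled or deleted since token issuance")
    return user


def disable_user(username: str) -> None:
    USERS[username]["is_active"] = False


def token_still_usable(token: str, now=None):
    """(passes signature-only check, passes full check) for one token."""
    def ok(fn):
        try:
            fn(token, now)
            return True
        except (ValueError, PermissionError):
            return False
    return ok(verify_signature), ok(authenticate)


if __name__ == "__main__":
    t = for_user("mallory", now=1_000)
    print("before disable:", token_still_usable(t, now=1_010))  # (True, True)
    disable_user("mallory")
    print("after disable: ", token_still_usable(t, now=1_010))  # (True, False)
    try:
        for_user("mallory", now=1_020)
    except PermissionError as e:
        print("reissue refused:", e)
```

The point the pair of checks makes is that a JWT is a snapshot: revoking or disabling the account changes nothing inside tokens already issued, so the per-request path must consult the account record (or a revocation list) rather than trusting the signature alone, and the issuance path must not mint new tokens for an account that is already disabled.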
alcali (>=2018.3.1 <=3006.3.0), arccanet (>=0.0.1 <=0.0.7) +68 more potentially affected by CVE-2024-22513 via djangorestframework-simplejwt (>=4.3.0 <=5.5.0)
djangorestframework-simplejwt PYPI version =4.3.0, =2018.3.1, =0.0.1, =0.0.6, =0.0.8, =1.0.0, =0.0.3, =1.0.0, =0.1.7, =0.4.0, =0.0.1, =1.0.1, =1.0.0, =1.0.0, =0.2.1, =1.0.0, =1.3.8 and more Source cves: CVE-2024-22513 Source advisory: OSV:GHSA-5VCC-86WM-547Q...
GHSA-5VCC-86WM-547Q Improper Privilege Management in djangorestframework-simplejwt
djangorestframework-simplejwt before version 5.5.1 is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method...
CVE-2024-22513
djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method...
UBUNTU-CVE-2024-22513
djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method...