148 matches found

Cvelist
added 2024/06/09 12:0 a.m. · 31 views

CVE-2024-37568

lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...

0.00382 EPSS
Exploits 1 · References 4

CVE
added 2024/06/09 12:0 a.m. · 98 views

CVE-2024-37568

Technical details for CVE-2024-37568 are not publicly available in the provided documents. Monitor for updates from upstream and security advisories.

7.5 CVSS · 7.4 AI score · 0.00382 EPSS
Exploits 1 · References 5 · Affected Software 1

OSV
added 2024/05/07 3:58 p.m. · 5 views

OPENSUSE-SU-2024:0118-1 Security update for python-python-jose

This update for python-python-jose fixes the following issues: CVE-2024-33663: Fixed algorithm confusion with OpenSSH ECDSA keys and other key formats (boo#1223417)...

6.5 CVSS · 6.8 AI score · 0.00307 EPSS
Exploits 1 · References 3

RedhatCVE
added 2024/04/26 6:4 a.m. · 54 views

CVE-2024-33663

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

7.5 CVSS · 7.3 AI score · 0.012 EPSS
Exploits 1 · References 3

OSV
added 2024/04/26 12:30 a.m. · 67 views

GHSA-6C5P-J8VQ-PQHJ python-jose algorithm confusion with OpenSSH ECDSA keys

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

9.3 CVSS · 7 AI score · 0.00307 EPSS
Exploits 1 · References 5

Github Security Blog
added 2024/04/26 12:30 a.m. · 152 views

python-jose algorithm confusion with OpenSSH ECDSA keys

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

6.5 CVSS · 7.1 AI score · 0.00307 EPSS
Exploits 1 · References 5 · Affected Software 1

PyPA
added 2024/04/26 12:15 a.m. · 7 views

PYSEC-2024-232

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

6.5 CVSS · 7 AI score · 0.00307 EPSS
Exploits 1 · References 3 · Affected Software 1

OSV
added 2024/04/26 12:15 a.m. · 13 views

PYSEC-2024-232

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

6.5 CVSS · 7.5 AI score · 0.00307 EPSS
Exploits 1 · References 3

OSV
added 2024/04/26 12:15 a.m. · 41 views

CVE-2024-33663

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

6.5 CVSS · 7.4 AI score · 0.00307 EPSS
Exploits 1 · References 2

NVD
added 2024/04/26 12:15 a.m. · 54 views

CVE-2024-33663

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

6.5 CVSS · 7.4 AI score · 0.00307 EPSS
Exploits 1 · References 2

OSV
added 2024/04/26 12:15 a.m. · 1 views

DEBIAN-CVE-2024-33663

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

6.5 CVSS · 6.5 AI score · 0.00307 EPSS
Exploits 1 · References 1

UbuntuCve
added 2024/04/26 12:15 a.m. · 53 views

CVE-2024-33663

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

6.5 CVSS · 6.8 AI score · 0.00307 EPSS
Exploits 1 · References 2

OSV
added 2024/04/26 12:15 a.m. · 1 views

UBUNTU-CVE-2024-33663

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

6.5 CVSS · 6.7 AI score · 0.00307 EPSS
Exploits 1 · References 3

CVE
added 2024/04/25 12:0 a.m. · 159 views

CVE-2024-33663

CVE-2024-33663 concerns python-jose up to version 3.3.0, where an algorithm confusion occurs between OpenSSH ECDSA keys and other key formats. The issue, described across multiple feeds (CNNVD, Debian tracker, CVE lists), is analogous to CVE-2022-29217 and is framed as a key-format/algorithm conf...

6.5 CVSS · 7.3 AI score · 0.00307 EPSS
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2024/04/25 12:0 a.m. · 35 views

CVE-2024-33663

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

6.7 AI score · 0.00307 EPSS
Exploits 1 · References 2

Positive Technologies
added 2024/04/25 12:0 a.m. · 4 views

PT-2024-4195 · Unknown +2 · Python-Jose +2

Name of the Vulnerable Software and Affected Versions: python-jose versions 3.3.0 and earlier
Description: The issue is related to algorithm confusion with OpenSSH ECDSA keys and other key formats in the python-jose component. It is associated with the definition of a prefix blacklist for OpenSSH...

9.3 CVSS · 6.6 AI score · 0.00783 EPSS
Exploits 2 · References 29

Cvelist
added 2024/04/25 12:0 a.m. · 80 views

CVE-2024-33663

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

7.6 AI score · 0.00307 EPSS
Exploits 1 · References 2

Debian CVE
added 2024/04/25 12:0 a.m. · 31 views

CVE-2024-33663

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

6.5 CVSS · 7.2 AI score · 0.00307 EPSS
Exploits 1

Veracode
added 2023/11/21 7:14 a.m. · 49 views

JSON Web Token (JWT) Algorithm Confusion

fast-jwt is vulnerable to JWT Algorithm Confusion. The vulnerability is caused by a missing validation on publicKeyPemMatcher constant defined in fast-jwt/src/crypto.js which is used to match all common PEM formats for public keys. An attacker can craft a malicious JWT token utilizing the HS256...

5.9 CVSS · 7 AI score · 0.00687 EPSS
Exploits 1 · References 5 · Affected Software 1

OSV
added 2023/11/20 8:58 p.m. · 41 views

GHSA-C2FF-88X2-X9PG JWT Algorithm Confusion

Summary: The fast-jwt library does not properly prevent JWT algorithm confusion for all public key types.
Details: The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys. To exploit this vulnerability, an attacker needs to craft a...

5.9 CVSS · 5.6 AI score · 0.00687 EPSS
Exploits 1 · References 6