4 matches found
PyJWKClient: missing scheme allowlist enables CVE-2024-21643-class SSRF + token forgery via file://, ftp://, data: schemes
!NOTE The library does not directly return non-HTTPS URI contents to the attacker; the chained "plant a JWKS to forge tokens" scenario described in the original report requires additional application-layer flaws attacker write access to a filesystem path, untrusted jku derivation that this fix do...
CVE-2026-48522 PyJWKClient: missing scheme allowlist enables SSRF + token forgery via file://, ftp://, data: schemes
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...
CVE-2007-3576
Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the 1 vbscript: handler for scheme names with 7 through 9 characters, and the 2 javascript: handler for scheme names with 10 or more characters, which might all...
PT-2007-4832 · Microsoft · Internet Explorer 6
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer 6 Description: The issue allows remote attackers to bypass certain XSS protection schemes by executing web script from URIs of arbitrary scheme names ending with the "script" character sequence. This is done using...