7 matches found

RedHat Linux
added 2026/05/19 4:22 p.m., 10 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

CVSS 7.5, AI score 6.6, EPSS 0.00269
Exploits: 1, References: 5

RedHat Linux
added 2026/05/04 2:31 p.m., 8 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

CVSS 7.5, AI score 6.6, EPSS 0.00269
Exploits: 1, References: 5

RedHat Linux
added 2026/05/04 2:10 p.m., 7 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

CVSS 7.5, AI score 6.6, EPSS 0.00269
Exploits: 1, References: 5

SUSE Linux
added 2026/04/16 9:20 a.m., 9 views

Security update for python-PyJWT

This update for python-PyJWT fixes the following issues: CVE-2026-32597: Fixed unknown crit header extensions accepts bsc1259616. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

CVSS 8.7, AI score 6.7, EPSS 0.00269
Exploits: 1, References: 4

OSV
added 2026/04/16 9:19 a.m., 5 views

SUSE-SU-2026:1389-1 Security update for python-PyJWT

This update for python-PyJWT fixes the following issues: - CVE-2026-32597: Fixed unknown crit header extensions accepts bsc1259616...

CVSS 7.5, AI score 5.8, EPSS 0.00269
Exploits: 1, References: 3

CVE
added 2026/04/06 5:2 p.m., 30 views

CVE-2026-35042

The CVE concerns fast-jwt (up to and including 6.1.0) not validating the RFC 7515 §4.1.11 crit header parameter, causing tokens with an unknown crit extension to be accepted instead of rejected. Affected components are the fast-jwt library (Node.js) and related advisories (GHSA-hm7r-c7qw-ghp6) wi...

CVSS 7.5, AI score 5.9, EPSS 0.00155
Exploits: 1, References: 2, Affected Software: 1

Github Security Blog
added 2026/04/03 10:1 p.m., 14 views

fast-jwt accepts unknown `crit` header extensions (RFC 7515 violation)

Summary fast-jwt does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. ---...

CVSS 7.5, AI score 5.9, EPSS 0.00155
Exploits: 1, References: 5, Affected Software: 1