Lucene search
K

13 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:42 a.m.3 views

SUSE CVE-2017-11424

In PyJWT 1.5.0 and below the invalidstrings check in HMACAlgorithm.preparekey does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...

7.5CVSS7.6AI score0.01804EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2023/01/24 2:31 a.m.6 views

K000132202: PyJWT vulnerability CVE-2017-11424

Security Advisory Description In PyJWT 1.5.0 and below the invalidstrings check in HMACAlgorithm.preparekey does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is...

7.5CVSS6.9AI score0.01804EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/05/13 1:42 a.m.4 views

airavata-custos-portal (>=0.0.1 <=0.0.6), airavata-custos-portal-sdk (=0.0.1) +27 more potentially affected by CVE-2017-11424 via pyjwt (>=0.2.1 <=1.5.0)

pyjwt PYPI version =0.2.1, =0.0.1, =1.0.9, =1.0.2, =0.10.0, =0.0.1, =0.5.0, =0.1.1, =1.0.0a2, =0.4.15, =2.1.0, =0.1.1, =1.0.2, =1.3.2 - dv-pyclient =0.1.15 and more Source cves: CVE-2017-11424 Source advisory: OSV:GHSA-R9JW-MWHQ-WP62...

7.5CVSS7AI score0.01804EPSS
Exploits0
OpenVAS
OpenVAS
added 2018/10/26 12:0 a.m.25 views

Ubuntu: Security Advisory (USN-3407-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.01804EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/10/23 12:0 a.m.30 views

openSUSE Security Update : python3-PyJWT (openSUSE-2017-1178)

This update for python3-PyJWT fixes the following vulnerability : - CVE-2017-11424: Insufficient filtering of PEM encoding public keys allowed for creation of JWTs from scratch boo1054106, with duplicate CVE-2017-12880 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

7.5CVSS7.2AI score0.01804EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2017/09/28 12:0 a.m.23 views

Fedora Update for python-jwt FEDORA-2017-b9f07dfaca

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.01804EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/09/25 12:0 a.m.26 views

Fedora 26 : python-jwt (2017-b9f07dfaca)

Upgrade to 1.5.3 and also note that 1.5.1 fixed CVE-2017-11424. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

7.5CVSS7.4AI score0.01804EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/09/20 12:0 a.m.25 views

Debian DSA-3979-1 : pyjwt - security update

It was discovered that PyJWT, a Python implementation of JSON Web Token performed insufficient validation of some public key types, which could allow a remote attacker to craft JWTs from scratch. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

7.5CVSS7.5AI score0.01804EPSS
Exploits0References4
Debian
Debian
added 2017/09/19 8:55 p.m.18 views

[SECURITY] [DSA 3979-1] pyjwt security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3979-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 19, 2017 https://www.debian.org/security/faq -...

7.5CVSS7.4AI score0.01804EPSS
Exploits0
OpenVAS
OpenVAS
added 2017/09/18 12:0 a.m.15 views

Debian: Security Advisory (DSA-3979-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.01804EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2017/08/24 4:29 p.m.4 views

airavata-custos-portal (>=0.0.1 <=0.0.6), airavata-custos-portal-sdk (=0.0.1) +27 more potentially affected by CVE-2017-11424 via pyjwt (>=0.2.1 <=1.5.0)

pyjwt PYPI version =0.2.1, =0.0.1, =1.0.9, =1.0.2, =0.10.0, =0.0.1, =0.5.0, =0.1.1, =1.0.0a2, =0.4.15, =2.1.0, =0.1.1, =1.0.2, =1.3.2 - dv-pyclient =0.1.15 and more Source cves: CVE-2017-11424 Source advisory: OSV:PYSEC-2017-24...

7.5CVSS7AI score0.01804EPSS
Exploits0
CVE
CVE
added 2017/08/24 4:0 p.m.150 views

CVE-2017-11424

CVE-2017-11424 affects PyJWT 1.5.0 and earlier, where the invalid_strings check in HMACAlgorithm.prepare_key fails to account for all PEM public-key formats (notably PKCS1 PEM prefixed with -----BEGIN RSA PUBLIC KEY-----), enabling key confusion attacks that could let an attacker craft JWTs from ...

7.5CVSS7.2AI score0.01804EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2017/08/16 2:0 p.m.62 views

CVE-2017-12880

PyJWT CVE-2017-12880 concerns symmetric/asymmetric key confusion when handling PKCS1 PEM public keys. Connected advisories note the issue is fixed in PyJWT updates (openSUSE/SUSE advisories) and that CVE-2017-12880 is referenced alongside CVE-2017-11424 (duplicate). The available documents do not...

7.3AI score
Exploits0
Rows per page
Query Builder