Lucene search
K

50 matches found

OPENSUSE Linux
OPENSUSE Linux
added 2025/04/12 12:0 a.m.10 views

python311-PyJWT-2.10.1-2.1 on GA media (moderate)

python311-PyJWT-2.10.1-2.1 on GA media Announcement ID: openSUSE-SU-2025:14987-1 Rating: moderate Cross-References: CVE-2022-29217 CVSS scores: CVE-2022-29217 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can...

7.5CVSS7.3AI score0.012EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2022-29217

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choos...

7.5CVSS7.1AI score0.012EPSS
Exploits0References2
Mageia
Mageia
added 2024/06/25 4:12 p.m.56 views

Updated python-authlib packages fix security vulnerability

Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...

7.5CVSS7.2AI score0.00382EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.17 views

RHEL 9 : python-jwt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-jwt: Key confusion through non-blocklisted public key formats CVE-2022-29217 Note that Nessus has not tested...

7.5CVSS7.3AI score0.012EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.81 views

RHEL 8 : python-jwt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-jwt: Key confusion through non-blocklisted public key formats CVE-2022-29217 Note that Nessus has not tested...

7.5CVSS7.6AI score0.012EPSS
Exploits0References1
OSV
OSV
added 2024/04/26 12:30 a.m.69 views

GHSA-6C5P-J8VQ-PQHJ python-jose algorithm confusion with OpenSSH ECDSA keys

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

9.3CVSS7AI score0.00307EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/04/26 12:30 a.m.152 views

python-jose algorithm confusion with OpenSSH ECDSA keys

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

6.5CVSS7.1AI score0.00307EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/04/26 12:15 a.m.14 views

PYSEC-2024-232

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

6.5CVSS7.5AI score0.00307EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2024/04/26 12:15 a.m.62 views

CVE-2024-33663

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

6.5CVSS6.8AI score0.00307EPSS
Exploits1References2
CVE
CVE
added 2024/04/25 12:0 a.m.161 views

CVE-2024-33663

CVE-2024-33663 concerns python-jose up to version 3.3.0, where an algorithm confusion occurs between OpenSSH ECDSA keys and other key formats. The issue, described across multiple feeds (CNNVD, Debian tracker, CVE lists), is analogous to CVE-2022-29217 and is framed as a key-format/algorithm conf...

6.5CVSS7.3AI score0.00307EPSS
Exploits1References2Affected Software1
OpenVAS
OpenVAS
added 2023/03/28 12:0 a.m.21 views

SUSE: Security Advisory (SUSE-SU-2023:0794-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.8AI score0.012EPSS
Exploits0References6
Amazon
Amazon
added 2023/03/22 12:0 a.m.15 views

Medium: python-jwt

Issue Overview: A vulnerability was found in python-jwt. This issue happens when PyJWT supports multiple different JWT signing algorithms. This flaw allows an attacker submitting the JWT token to choose the used signing algorithm, leading to key confusion through non-blocklisted public key format...

7.5CVSS7.8AI score0.012EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/03/21 12:0 a.m.61 views

Amazon Linux 2023 : python3-jwt, python3-jwt+crypto (ALAS2023-2023-076)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-076 advisory. A vulnerability was found in python-jwt. This issue happens when PyJWT supports multiple different JWT signing algorithms. This flaw allows an attacker submitting the JWT token to choose the used signin...

7.5CVSS7.3AI score0.012EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/03/18 12:0 a.m.21 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-PyJWT (SUSE-SU-2023:0794-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0794-1 advisory. - CVE-2022-29217: Fixed Key confusion through non-blocklisted public key formats bsc1199756. - Update in...

7.5CVSS7.2AI score0.012EPSS
Exploits0References6
OSV
OSV
added 2023/03/17 7:42 a.m.8 views

SUSE-SU-2023:0794-1 Security update for python-PyJWT

This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed Key confusion through non-blocklisted public key formats bsc1199756. - Update in SLE-15 bsc1199282, jscPM-3243, jscSLE-24629 - Update to 2.4.0 bsc1199756 - Explicit check the key for ECAlgorithm - Don't use implicit...

7.5CVSS7.5AI score0.012EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/12/09 12:0 a.m.40 views

Amazon Linux 2022 : python-jwt (ALAS2022-2022-241)

It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-241 advisory. - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT...

7.5CVSS7.3AI score0.012EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/10/10 12:0 a.m.11 views

Huawei EulerOS: Security Advisory for python-jwt (EulerOS-SA-2022-2421)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.012EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/10/10 12:0 a.m.14 views

Huawei EulerOS: Security Advisory for python-jwt (EulerOS-SA-2022-2434)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.012EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/10/08 12:0 a.m.37 views

EulerOS 2.0 SP10 : python-jwt (EulerOS-SA-2022-2434)

According to the versions of the python-jwt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the...

7.5CVSS7.4AI score0.012EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/10/08 12:0 a.m.24 views

EulerOS 2.0 SP10 : python-jwt (EulerOS-SA-2022-2421)

According to the versions of the python-jwt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the...

7.5CVSS7.4AI score0.012EPSS
Exploits0References2
Rows per page
Query Builder