50 matches found
python311-PyJWT-2.10.1-2.1 on GA media (moderate)
python311-PyJWT-2.10.1-2.1 on GA media Announcement ID: openSUSE-SU-2025:14987-1 Rating: moderate Cross-References: CVE-2022-29217 CVSS scores: CVE-2022-29217 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can...
Linux Distros Unpatched Vulnerability : CVE-2022-29217
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choos...
Updated python-authlib packages fix security vulnerability
Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. This is similar to CVE-2022-29217 and CVE-2024-33663...
RHEL 9 : python-jwt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-jwt: Key confusion through non-blocklisted public key formats CVE-2022-29217 Note that Nessus has not tested...
RHEL 8 : python-jwt (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-jwt: Key confusion through non-blocklisted public key formats CVE-2022-29217 Note that Nessus has not tested...
GHSA-6C5P-J8VQ-PQHJ python-jose algorithm confusion with OpenSSH ECDSA keys
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
python-jose algorithm confusion with OpenSSH ECDSA keys
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
PYSEC-2024-232
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
CVE-2024-33663
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
CVE-2024-33663
CVE-2024-33663 concerns python-jose up to version 3.3.0, where an algorithm confusion occurs between OpenSSH ECDSA keys and other key formats. The issue, described across multiple feeds (CNNVD, Debian tracker, CVE lists), is analogous to CVE-2022-29217 and is framed as a key-format/algorithm conf...
SUSE: Security Advisory (SUSE-SU-2023:0794-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Medium: python-jwt
Issue Overview: A vulnerability was found in python-jwt. This issue happens when PyJWT supports multiple different JWT signing algorithms. This flaw allows an attacker submitting the JWT token to choose the used signing algorithm, leading to key confusion through non-blocklisted public key format...
Amazon Linux 2023 : python3-jwt, python3-jwt+crypto (ALAS2023-2023-076)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-076 advisory. A vulnerability was found in python-jwt. This issue happens when PyJWT supports multiple different JWT signing algorithms. This flaw allows an attacker submitting the JWT token to choose the used signin...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-PyJWT (SUSE-SU-2023:0794-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:0794-1 advisory. - CVE-2022-29217: Fixed Key confusion through non-blocklisted public key formats bsc1199756. - Update in...
SUSE-SU-2023:0794-1 Security update for python-PyJWT
This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed Key confusion through non-blocklisted public key formats bsc1199756. - Update in SLE-15 bsc1199282, jscPM-3243, jscSLE-24629 - Update to 2.4.0 bsc1199756 - Explicit check the key for ECAlgorithm - Don't use implicit...
Amazon Linux 2022 : python-jwt (ALAS2022-2022-241)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-241 advisory. - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT...
Huawei EulerOS: Security Advisory for python-jwt (EulerOS-SA-2022-2421)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-jwt (EulerOS-SA-2022-2434)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP10 : python-jwt (EulerOS-SA-2022-2434)
According to the versions of the python-jwt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the...
EulerOS 2.0 SP10 : python-jwt (EulerOS-SA-2022-2421)
According to the versions of the python-jwt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the...