Lucene search
+L

9 matches found

Atlassian
Atlassian
added 2025/12/04 10:56 p.m.19 views

Prototype Pollution zrender Dependency in Jira Service Management Data Center and Server

This is a vulnerability in a non-Atlassian Jira Service Management dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity Prototype Pollution vulnerability known as CVE-2022-39227 was introduced in 10.3.0, and 11.0.0 of Jira...

9.1CVSS6.8AI score0.0366EPSS
Exploits2
GithubExploit
GithubExploit
added 2023/06/07 11:11 a.m.996 views

Exploit for Authentication Bypass by Spoofing in Python-Jwt_Project Python-Jwt

CVE-2022-39227 CVE-2022-39227 : Proof of Concept Proof of co...

9.1CVSS9.2AI score0.0366EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2023/03/28 12:0 a.m.37 views

CBL Mariner 2.0 Security Update: python-jwt (CVE-2022-39227)

The version of python-jwt installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-39227 advisory. - python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject...

9.1CVSS8.3AI score0.0366EPSS
Exploits2References2
CBLMariner
CBLMariner
added 2022/10/17 10:54 p.m.35 views

CVE-2022-39227 affecting package python-jwt for versions less than 2.4.0-2

CVE-2022-39227 affecting package python-jwt for versions less than 2.4.0-2. A patched version of the package is available...

9.1CVSS9.4AI score0.0366EPSS
Exploits2
CBLMariner
CBLMariner
added 2022/10/13 12:40 a.m.62 views

CVE-2022-39227 affecting package python-jwt 2.4.0-1

CVE-2022-39227 affecting package python-jwt 2.4.0-1. A patched version of the package is available...

9.1CVSS9.6AI score0.0366EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2022/09/23 6:55 a.m.19 views

CVE-2022-39227 Python-jwt subject to Authentication Bypass by Spoofing

python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowi...

9.1CVSS6.9AI score0.0366EPSS
Exploits2References4
CVE
CVE
added 2022/09/23 6:55 a.m.347 views

CVE-2022-39227

The CVE-2022-39227 issue affects the python-jwt library prior to 3.3.4, where an Authentication Bypass by Spoofing flaw allows forging JWT contents without the secret key. This can enable identity spoofing, session hijacking, or authentication bypass if an application relies on the token's claims...

9.1CVSS9.3AI score0.0366EPSS
Exploits2References4Affected Software1
vulnersOsv
vulnersOsv
added 2022/09/21 9:33 p.m.6 views

aat-downloader (>=0.0.1 <=0.0.3), audittracker (=0.4.0) +30 more potentially affected by CVE-2022-39227 via python-jwt (>=2.0.1 <=3.3.0)

python-jwt PYPI version =2.0.1, =0.0.1, =1.0.1, =0.1.0.2, =6.0.0a1, =0.0.3, =1.0.3, =3.0.27, =0.0.4, =1.0.0, =1.0.6, =0.0.1, =0.5.0 and more Source cves: CVE-2022-39227 Source advisory: OSV:GHSA-5P8V-58QM-C7FP...

9.1CVSS7.2AI score0.0366EPSS
Exploits2
vulnersOsv
vulnersOsv
added 2022/09/01 6:51 p.m.5 views

cizohosubscriptions (>=1.0.1 <=1.0.2), code-challenge (>=0.1.0.2 <=0.1.0.8) +7 more potentially affected by CVE-2022-39227 via python-jwt (>=3.2.4 <=3.3.0)

python-jwt PYPI version =3.2.4, =1.0.1, =0.1.0.2, =6.0.0a1, =0.0.3, =1.0.1, =2.0.5, =2.0.6, =2.0.7 - zoho-subscriptions =1.0.1 Source cves: CVE-2022-39227 Source advisory: OSV:PYSEC-2022-259...

9.1CVSS7.2AI score0.0366EPSS
Exploits2
Rows per page
Query Builder