2 matches found
Incorrect Authorization
Overview authlib is a library in building OAuth and OpenID Connect servers. Affected versions of this package are vulnerable to Incorrect Authorization via the deserializecompact function. An attacker can bypass intended authorization policies by crafting a signed token with unknown critical head...
PT-2025-38752
Name of the Vulnerable Software and Affected Versions Authlib versions prior to 1.6.4 Description Authlib’s JWS verification improperly handles tokens declaring unknown critical header parameters crit, violating RFC 7515 specifications. An attacker can create a signed token with a critical header...