Lucene search
+L

4 matches found

susecve
susecve
added 2026/05/30 1:59 a.m.18 views

SUSE CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

4.8CVSS6AI score0.00181EPSS
Exploits1References9
cve
cve
added 2026/05/28 3:0 p.m.98 views

CVE-2026-48522

PyJWKClient in PyJWT prior to 2.13.0 passes its uri argument directly to urllib.request.urlopen(), allowing attacker-controlled jku URLs to trigger SSRF and related token-forgery scenarios via file://, ftp://, or data: schemes. Affected component: PyJWKClient (Python). Root cause: lack of a schem...

4.2CVSS6AI score0.00181EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2026/05/28 12:0 a.m.19 views

PT-2026-44394

Name of the Vulnerable Software and Affected Versions PyJWT versions prior to 2.13.0 Description PyJWKClient passes the uri argument directly to urllib.request.urlopen, which utilizes the default OpenerDirector of the Python standard library. This allows the registration of HTTPHandler,...

9.8CVSS5.4AI score0.00181EPSS
Exploits1References236
redhat
redhat
added 2011/05/19 11:20 a.m.8 views

urllib2): Improper management of ftp:// and file:// URL schemes (Issue #11662)

The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service resource consumption via a crafted URL, as...

6.4CVSS7.2AI score0.04266EPSS
Exploits0References4
Rows per page
Query Builder