Lucene search
K

9 matches found

Patchstack
Patchstack
added 2026/05/09 12:45 a.m.8 views

NPM: Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

NPM: Hono has improper validation of NumericDate claims exp, nbf, iat in JWT verify vulnerability discovered by ? in WordPress Npm hono versions 4.12.18...

3.8CVSS5.8AI score0.00216EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/09 12:45 a.m.18 views

Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

Summary Improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not exploitable by an anonymous attacker; it only manifests when a malformed claim value reaches...

3.8CVSS5.8AI score0.00216EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-0119

Malware in sbrugna...

6.8CVSS6.4AI score0.00815EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:53 a.m.4 views

SUSE CVE-2020-26244

Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1 The IdToken signature algorithm was not checked automatically, but only if the expected...

6.8CVSS6.7AI score0.00815EPSS
Exploits0References2
OSV
OSV
added 2020/12/04 4:47 p.m.12 views

GHSA-4FJV-PMHG-3RFG Multiple cryptographic issues in Python oic

Impact Client implementations using this library Issues 1 The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2 JWA none algorithm was allowed in all flows. 3 oic.consumer.Consumer.parseauthz returns an unverified IdToken. Th...

7.6CVSS6.4AI score0.00815EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2020/12/04 4:47 p.m.61 views

Multiple cryptographic issues in Python oic

Impact Client implementations using this library Issues 1 The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2 JWA none algorithm was allowed in all flows. 3 oic.consumer.Consumer.parseauthz returns an unverified IdToken. Th...

6.8CVSS2.8AI score0.00815EPSS
Exploits0References7Affected Software1
Veracode
Veracode
added 2020/12/03 2:58 a.m.18 views

Cipher Downgrade Attack

oic is vulnerable to cipher downgrade attacks. The vulnerability exists as the IdToken signature algorithm is not checked automatically, and that the JWA none algorithm is always allowed, and that the IdToken returned from oic.consumer.Consumer.parseauthz is not verified, and the iat claim is not...

6.8CVSS4AI score0.00815EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2020/12/02 8:15 p.m.19 views

Design/Logic Flaw

Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1 The IdToken signature algorithm was not checked automatically, but only if the expected...

4.9CVSS6.5AI score0.00815EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2020/12/02 8:15 p.m.37 views

PYSEC-2020-69

Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1 The IdToken signature algorithm was not checked automatically, but only if the expected...

6.8CVSS3.9AI score0.00815EPSS
Exploits0References4
Rows per page
Query Builder