Lucene search
K

7 matches found

OSV
OSV
โ€ขadded 2026/06/29 1:23 p.m.โ€ข4 views

CVE-2026-12616

The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that string into three log statements before any validation gate. Because the configured log format "%asctimes - %names - %levelnames - %messages" renders...

6.9CVSS6AI score0.00308EPSS
Exploits0References4
EUVD
EUVD
โ€ขadded 2025/10/03 8:7 p.m.โ€ข5 views

EUVD-2025-6727

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.00519EPSS
Exploits0References5
RedhatCVE
RedhatCVE
โ€ขadded 2025/03/21 4:23 p.m.โ€ข18 views

CVE-2025-30144

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 5.0.6, the fast-jwt library does not properly validate the iss claim based on the RFC 7519. The iss issuer claim validation within the fast-jwt library permits an array of strings as a valid iss value. This design flaw enables a...

6.5CVSS6.8AI score0.00519EPSS
Exploits0References1
NVD
NVD
โ€ขadded 2025/03/19 4:15 p.m.โ€ข25 views

CVE-2025-30144

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 5.0.6, the fast-jwt library does not properly validate the iss claim based on the RFC 7519. The iss issuer claim validation within the fast-jwt library permits an array of strings as a valid iss value. This design flaw enables a...

6.5CVSS0.00519EPSS
Exploits0References3
Cvelist
Cvelist
โ€ขadded 2025/03/19 3:41 p.m.โ€ข19 views

CVE-2025-30144 Fast-JWT Improperly Validates iss Claims

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 5.0.6, the fast-jwt library does not properly validate the iss claim based on the RFC 7519. The iss issuer claim validation within the fast-jwt library permits an array of strings as a valid iss value. This design flaw enables a...

6.5CVSS0.00519EPSS
Exploits0References3
CVE
CVE
โ€ขadded 2025/03/19 3:41 p.m.โ€ข88 views

CVE-2025-30144

CVE-2025-30144 affects the fast-jwt library prior to 5.0.6, where iss validation incorrectly accepts an array of strings as a valid issuer. This permissive check can let an attacker forge a JWT containing an issuer array like [host, https://valid-iss], which may be accepted by verifiers (especial...

6.5CVSS6.2AI score0.00519EPSS
Exploits0References3
Veracode
Veracode
โ€ขadded 2024/12/26 8:12 a.m.โ€ข9 views

Incorrect Comparison

PyJWT is vulnerable to Incorrect Comparison. The vulnerability is due to improper handling of the iss claim check caused by the use of in for string comparison instead of strict equality, potentially allowing incorrect issuer values to pass validation...

7.5CVSS3.5AI score0.0081EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder