Lucene search
K

11 matches found

OSV
OSV
added 2026/03/26 8:57 a.m.3 views

SUSE-SU-2026:20879-1 Security update for python-PyJWT

This update for python-PyJWT fixes the following issues: Update to PyJWT 2.12.1: - CVE-2024-53861: prevent partial matching of the Issuer field bsc1234038. - CVE-2026-32597: validate the crit Header Parameter defined in RFC 7515 bsc1259616. Changelog: Update to 2.12.1: - Add missing...

7.5CVSS6.8AI score0.0081EPSS
Exploits2References5
Github Security Blog
Github Security Blog
added 2024/12/02 6:34 p.m.23 views

PyJWT Issuer field partial matches allowed

Summary The wrong string if check is run for iss checking, resulting in "acb" being accepted for "abc". Details This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstanceissuer, list to isinstanceissuer, Sequence. diff - if isinstanceissuer, list: + if...

7.5CVSS7AI score0.0081EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/12/02 6:34 p.m.1 views

GHSA-75C5-XW7C-P5PM PyJWT Issuer field partial matches allowed

Summary The wrong string if check is run for iss checking, resulting in "acb" being accepted for "abc". Details This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstanceissuer, list to isinstanceissuer, Sequence. diff - if isinstanceissuer, list: + if...

2.2CVSS7.1AI score0.0081EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/11/29 6:43 p.m.9 views

CVE-2024-53861 Issuer field partial matches allowed in pyjwt

pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstanceissuer, list to isinstanceissuer, Sequence. Since st...

2.2CVSS6.8AI score0.0081EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/11/29 6:43 p.m.36 views

CVE-2024-53861 Issuer field partial matches allowed in pyjwt

pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for iss checking, resulting in "acb" being accepted for "abc". This is a bug introduced in version 2.10.0: checking the "iss" claim changed from isinstanceissuer, list to isinstanceissuer, Sequence. Since st...

2.2CVSS0.0081EPSS
Exploits1References3
CNVD
CNVD
added 2021/03/04 12:0 a.m.8 views

OpenSSL Input Validation Error Vulnerability

OpenSSL is a powerful, commercial-grade, full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. It is also a general-purpose cryptographic library. An input validation error vulnerability exists in the OpenSSL public API that stems from the...

7.5CVSS5.8AI score0.50732EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2021/02/18 5:4 p.m.92 views

CVE-2021-23841

The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field which might occur if the...

5.9CVSS7AI score0.07471EPSS
Exploits0References4
OSV
OSV
added 2021/02/18 12:22 p.m.4 views

USN-4738-1 openssl, openssl1.0 vulnerabilities

Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. CVE-2021-23840 Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer...

7.5CVSS6.8AI score0.50732EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/02/16 12:0 a.m.8 views

OpenSSL Code Issue Vulnerability

OpenSSL is an open source capable general-purpose cryptographic library from the Openssl team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

7.5CVSS6.8AI score0.50732EPSS
Exploits0References117
NVD
NVD
added 2011/08/12 5:55 p.m.19 views

CVE-2008-7299

IBM Tivoli Federated Identity Manager TFIM 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field...

5CVSS6.3AI score0.00785EPSS
Exploits0References2
Cvelist
Cvelist
added 2011/08/12 5:0 p.m.25 views

CVE-2008-7299

IBM Tivoli Federated Identity Manager TFIM 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field...

6.3AI score0.00785EPSS
Exploits0References2
Rows per page
Query Builder