3 matches found
PYSEC-2026-179
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier decodes JSON Web Tokens while supporting both asymmetric and HMAC algorithms, the library does not validate the use of JSON Web Keys in the HMAC algorithm, allowing an attacker to use the issuer public key as the...
Unverified Ownership
Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Unverified Ownership via the JWT authentication process. An attacker can gain unauthorized access to protected resources by presenting a valid token intended for a different audience when...
Hyperledger Ursa Security Breach
Hyperledger Ursa is a Hyperledger open source cryptographic library for use with blockchains. A security vulnerability exists in Hyperledger Ursa versions prior to 0.3 that stems from a lack of checking the correctness of CL signature issuer keys...