8 matches found
joserfc 安全漏洞
Joserfc is a Python library developed by Authlib. Joserfc versions 1.6.2 and earlier have security vulnerabilities. These vulnerabilities stem from the lack of verification or restrictions on the p2c parameter value in the JWE token. This allows unverified attackers to cause denial-of-service...
did-sdk-python (>=1.0.0 <=1.1.3), django-ninja-aio-crud (>=1.0.5 <=2.30.4) +9 more potentially affected by CVE-2026-27932 via joserfc (>=0.11.1 <=1.6.1)
joserfc PYPI version =0.11.1, =1.0.0, =1.0.5, =2.5.0, =2.0.0, =3.0.2, =0.1.3, =0.18.1, =0.1.0, =0.9.0, =0.1.0, =0.5.0rc2 Source cves: CVE-2026-27932 Source advisory: OSV:GHSA-W5R5-M38G-F9F9...
did-sdk-python (>=1.0.0 <=1.1.3), django-ninja-aio-crud (>=1.0.5 <=2.30.4) +7 more potentially affected by CVE-2026-27932 via joserfc (>=1.0.0 <=1.6.1)
joserfc PYPI version =1.0.0, =1.0.0, =1.0.5, =2.1.1, =3.0.2, =0.21.2, =0.6.0, =0.9.0, =0.1.0, =0.5.0rc2 Source cves: CVE-2026-27932 Source advisory: SNYK:PYTHON-JOSERFC-15369129...
django-ninja-aio-crud (>=1.0.5 <=2.25.0) potentially affected by CVE-2025-65015 via joserfc (=1.4.1)
joserfc PYPI version =1.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on joserfc and may be impacted: - django-ninja-aio-crud =1.0.5, =2.25.0 Source cves: CVE-2025-65015 Source advisory: SNYK:PYTHON-JOSERFC-14052498...
DEBIAN-CVE-2025-65015
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...
django-ninja-aio-crud (>=1.0.5 <=2.25.0) potentially affected by CVE-2025-65015 via joserfc (=1.4.1)
joserfc PYPI version =1.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on joserfc and may be impacted: - django-ninja-aio-crud =1.0.5, =2.25.0 Source cves: CVE-2025-65015 Source advisory: OSV:GHSA-FRFH-8V73-GJG4...
joserfc 安全漏洞
joserfc is a Python library open-sourced by Authlib. A security vulnerability exists in joserfc version 1.3.3 up to and including version 1.3.5 and version 1.4.0 up to and including version 1.4.2, which stems from an ExceededSizeError exception message embedded in the Undecoded JWT Token section,...
PT-2025-47405
Name of the Vulnerable Software and Affected Versions joserfc versions 1.3.3 through 1.3.4 joserfc versions 1.4.0 through 1.4.1 Description The joserfc library has an issue where excessively large JWT JSON Web Token payloads can be logged, potentially leading to resource exhaustion. Specifically,...