Lucene search
+L

7 matches found

osv
osv
added 2026/06/16 8:55 a.m.4 views

SUSE-SU-2026:22238-1 Security update for python-PyJWT

This update for python-PyJWT fixes the following issues - CVE-2026-48522: PyJWKClient passes URI arguments directly to urllib.request.urlopen and allows for SSRF and token forgery bsc1266798. - CVE-2026-48523: verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are...

7.4CVSS5.7AI score0.00394EPSS
Exploits4References11
euvd
euvd
added 2026/06/15 7:28 p.m.12 views

EUVD-2026-32915

PyJWKClient: missing scheme allowlist enables CVE-2024-21643-class SSRF + token forgery via file://, ftp://, data: schemes...

8.8CVSS7.8AI score0.02214EPSS
Exploits1References3
susecve
susecve
added 2026/05/30 1:59 a.m.18 views

SUSE CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

4.8CVSS6AI score0.00181EPSS
Exploits1References9
osv
osv
added 2026/05/28 3:7 p.m.3 views

CVE-2026-48524 PyJWT: PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

3.7CVSS6AI score0.00222EPSS
Exploits0References3
debiancve
debiancve
added 2026/05/28 3:0 p.m.13 views

CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

4.2CVSS6AI score0.00181EPSS
Exploits1
attackerkb
attackerkb
added 2026/05/28 3:0 p.m.14 views

CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

4.2CVSS6AI score0.00181EPSS
Exploits1References2Affected Software1
cnnvd
cnnvd
added 2026/05/28 12:0 a.m.14 views

pyjwt 代码问题漏洞

PyJWT is a Python library developed by José Padilla of the United States. It allows for the encoding and decoding of JSON Web Tokens JWTs. Prior to version 2.13.0, there were code vulnerabilities in PyJWT. These vulnerabilities stemmed from PyJWKClient directly passing the uri parameter to...

4.2CVSS6AI score0.00181EPSS
Exploits1References1
Rows per page
Query Builder