3 matches found
PT-2025-31580 · Pypi · Jwt
Name of the Vulnerable Software and Affected Versions: jwt version 5.4.3
Description: jwt version 5.4.3 contains weak encryption.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
CVE-2024-28194 Authentication Bypass Because of Hardcoded JWT Secret in your_spotify
yourspotify is an open source, self-hosted Spotify tracking dashboard. YourSpotify versions 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows...
CVE-2018-1000539
Nov json-jwt version = 0.5.0 && 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in the decryption of AES-GCM encrypted JSON Web Tokens that can allow an attacker to forge an authentication tag. This attack appears to be exploitable via network connectivity. Th...