pyjwt 安全漏洞

pyjwt is a Python library developed by José Padilla of the United States. It allows for the encoding and decoding of JSON Web Tokens JWTs. Security vulnerabilities exist in versions 2.9.0 to 2.12.1 of pyjwt. These vulnerabilities arise when the jwt.decode or jwt.decodecomplete function is called...

PT-2025-6926 · Unknown · Meshtastic

Name of the Vulnerable Software and Affected Versions: Meshtastic versions prior to 2.5.19 Description: Meshtastic is an open source mesh networking solution. In affected firmware versions, crafted packets over MQTT can appear as a DM in client to a node even though they were not decoded with PKC...

PT-2024-31475 · Unknown +1 · Matrix Libolm +1

Name of the Vulnerable Software and Affected Versions: Matrix libolm versions through 3.2.16 Description: An issue was discovered in Matrix libolm, where cache-timing attacks can occur due to the use of base64 when decoding group session keys. This vulnerability only affects products that are no...

MGASA-2023-0119 Updated perl-Cpanel-JSON-XS packages fix security vulnerability

Fixes some bugs including a security vulnerability when decoding hash keys without ending ':'...

RUSTSEC-2022-0025 Resource leakage when decoding certificates and keys

The OPENSSLLHflush function, which empties a hash table, contains a bug that breaks reuse of the memory occupied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will...

OpenSSL does not securely handle invalid public key when configured to ignore errors

Overview A vulnerability in the way OpenSSL handles invalid public keys in client certificate messages could allow a remote attacker to cause a denial of service. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typical...