EUVD-2022-42631

Malicious code in bioql PyPI...

Next.js 安全漏洞

Next.js is a React framework open-sourced by Vercel. A security vulnerability exists in Next.js versions prior to 14.2.31 and 15.0.0 through 15.4.5, which stems from cache key obfuscation and could lead to unauthorized user access...

UltraJSON 安全漏洞

UltraJSON is an open source, ultra-fast JSON encoder and decoder written in pure C and bundled with Python 3.7+. A security vulnerability exists in versions of UltraJSON prior to 5.4.0, which stems from an inability to properly decode certain characters, allowing for potential key obfuscation and...

Python 加密问题漏洞

pyjwt is a Python library by the individual developer José Padilla in the United States. It allows encoding and decoding of JSON Web Tokens JWT. A cryptographic issue vulnerability exists in pyjwt versions 1.5.0 - 2.3.0, which stems from the use of a corrupted or risky cryptographic algorithm. A...

PyJWT Key Obfuscation Attack Vulnerability

pyjwt is a JSON Web Token implementation in Python. PyJWT suffers from a key obfuscation vulnerability. An attacker can exploit the vulnerability to use PKCS1 PEM encoded public key users can perform symmetric/asymmetric key obfuscation attacks to create JWT from scratch...