Lucene search

15 matches found

SUSE CVE
added 2026/03/31 11:27 p.m. | 1 view

SUSE CVE-2026-32714

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to...

9.8 CVSS | 6.1 AI score | 0.00015 EPSS
Exploits: 1 | References: 3
EUVD
added 2026/03/31 10:49 p.m. | 1 view

EUVD-2026-17293

SciTokens is vulnerable to SQL Injection in KeyCache...

9.8 CVSS | 6 AI score | 0.00015 EPSS
Exploits: 1 | References: 4
OSV
added 2026/03/31 10:49 p.m. | 1 view

GHSA-RH5M-2482-966C SciTokens is vulnerable to SQL Injection in KeyCache

Summary The KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to execute arbitrary SQL commands against the local SQLite database. Ran the POC below...

9.8 CVSS | 6.3 AI score | 0.00015 EPSS
Exploits: 1 | References: 5
GitHub Security Blog
added 2026/03/31 10:49 p.m. | 3 views

SciTokens is vulnerable to SQL Injection in KeyCache

Summary The KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to execute arbitrary SQL commands against the local SQLite database. Ran the POC below...

9.8 CVSS | 6.3 AI score | 0.00015 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
RedhatCVE
added 2026/03/31 7:54 a.m. | 0 views

CVE-2026-32714

A SQL injection vulnerability was found in the KeyCache component of scitokens. The implementation constructs SQL queries using Python string formatting with user-controlled input such as issuer and key identifiers. An attacker could exploit this flaw by supplying crafted input that alters the...

9.8 CVSS | 6 AI score | 0.00015 EPSS
Exploits: 1 | References: 2
Snyk
added 2026/03/31 3:10 a.m. | 0 views

SQL Injection

Overview scitokens is a SciToken reference implementation library Affected versions of this package are vulnerable to SQL Injection via the KeyCache class. An attacker can execute arbitrary SQL commands against the local SQLite database by supplying crafted input to parameters such as issuer and...

9.8 CVSS | 6.2 AI score | 0.00015 EPSS
Exploits: 1 | References: 2
Cvelist
added 2026/03/31 1:31 a.m. | 19 views

CVE-2026-32714 SciTokens vulnerable to SQL Injection in KeyCache

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to...

9.8 CVSS | 0.00015 EPSS
Exploits: 1 | References: 3
OSV
added 2026/03/31 1:31 a.m. | 1 view

CVE-2026-32714 SciTokens vulnerable to SQL Injection in KeyCache

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to...

9.8 CVSS | 6.1 AI score | 0.00015 EPSS
Exploits: 1 | References: 5
ATTACKERKB
added 2026/03/31 1:31 a.m. | 0 views

CVE-2026-32714

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to...

9.8 CVSS | 6.1 AI score | 0.00015 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/03/31 1:31 a.m. | 0 views

CVE-2026-32714 SciTokens vulnerable to SQL Injection in KeyCache

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to...

9.8 CVSS | 6.1 AI score | 0.00015 EPSS
Exploits: 1 | References: 3
CVE
added 2026/03/31 1:31 a.m. | 8 views

CVE-2026-32714

SciTokens before v1.9.6 is affected: the KeyCache class builds SQL queries using Python string formatting, allowing SQL injection via user-supplied data (issuer, key_id) that could compromise the local SQLite database. The issue is fixed in v1.9.6. Affected software: SciTokens library; vulnerabil...

9.8 CVSS | 6.1 AI score | 0.00015 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
CNNVD
added 2026/03/31 12:0 a.m. | 2 views

scitokens security vulnerability

Scitokens is an open-source science computing token library developed by SciTokens. Versions of SciTokens prior to 1.9.6 contained a security vulnerability. This vulnerability stemmed from the KeyCache class using Python’s str.format method to construct SQL queries that included user-provided dat...

9.8 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits: 1 | References: 3
Positive Technologies
added 2026/03/31 12:0 a.m. | 0 views

PT-2026-29183

Name of the Vulnerable Software and Affected Versions SciTokens versions prior to 1.9.6 Description SciTokens is a reference library for generating and using SciTokens. The KeyCache class was susceptible to SQL Injection due to the use of Python’s str.format function to construct SQL queries with...

9.8 CVSS | 6.2 AI score | 0.00018 EPSS
Exploits: 3 | References: 19
Tenable Nessus
added 2026/03/21 12:0 a.m. | 2 views

Fedora 44 : python-scitokens (2026-86ad7d8a1a)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-86ad7d8a1a advisory. - Remove legacy parent SciToken chaining behavior from token initialization and claim handling - Harden Enforcer scope path traversal validation including...

5.9 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2026/03/21 12:0 a.m. | 3 views

Fedora 43 : python-scitokens (2026-727b73bfa0)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-727b73bfa0 advisory. - Remove legacy parent SciToken chaining behavior from token initialization and claim handling - Harden Enforcer scope path traversal validation including...

5.9 AI score
Exploits: 0 | References: 1