Lucene search
K

4 matches found

RedHat Linux
RedHat Linux
added 2026/07/01 5:32 p.m.5 views

python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...

7.4CVSS5.8AI score0.00394EPSS
Exploits1References5
Snyk
Snyk
added 2026/05/28 4:50 p.m.13 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication when decoding JSON Web Tokens. An attacker can forge valid tokens by supplying a public key as the secret for the HMAC algorithm when both asymmetric and HMAC algorithms are supported. PoC python from jwt.apijws...

8.8CVSS5.8AI score0.00394EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:36 a.m.4 views

SUSE CVE-2017-17843

An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and ...

5.9CVSS6.9AI score0.01119EPSS
Exploits0References3
OSV
OSV
added 2017/12/27 5:8 p.m.5 views

UBUNTU-CVE-2017-17843

An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and ...

5.9CVSS6.6AI score0.01119EPSS
Exploits0References6
Rows per page
Query Builder