96 matches found
python-jose security vulnerability
python-jose is a JOSE implementation in Python by the individual developer Michael Davis. A security vulnerability exists in python-jose 3.3.0 and earlier versions that allows an attacker to cause a denial of service via a specially crafted JSON Web... with a high compression ratio
python-jose security vulnerability
python-jose is a JOSE implementation in Python by the individual developer Michael Davis. A security vulnerability exists in python-jose 3.3.0 and earlier versions, which stems from confusion between OpenSSH ECDSA keys and other key formats...
CVE-2024-33663
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
PT-2024-4195 · Unknown +2 · Python-Jose +2
Name of the Vulnerable Software and Affected Versions: python-jose versions 3.3.0 and earlier
Description: The issue is related to algorithm confusion with OpenSSH ECDSA keys and other key formats in the python-jose component. It is associated with the definition of a prefix blacklist for OpenSSH...
GHSA-W799-PRG3-CX77 python-jose failure to use a constant time comparison for HMAC keys
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys...
python-jose failure to use a constant time comparison for HMAC keys
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys...
datawire-cloudtools (=0.2.6) potentially affected by CVE-2016-7036 via python-jose (=0.5.5)
python-jose PyPI version =0.5.5 is affected by a known vulnerability. The following packages have a transitive dependency on python-jose and may be impacted:
- datawire-cloudtools =0.2.6
Source CVEs: CVE-2016-7036
Source advisory: OSV:GHSA-W799-PRG3-CX77...
Unspecified vulnerability in python-jose
python-jose is an implementation of object signing and encryption. A security vulnerability exists in python-jose 1.3.1 and earlier versions; detailed vulnerability information is not currently available...
Timing Attack Via Authentication
python-jose is vulnerable to timing attacks. The vulnerability is possible because of a flaw in the verification function, which does not use a constant-time comparison for HMAC keys...
CVE-2016-7036
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys...
CVE-2016-7036
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys...
datawire-cloudtools (=0.2.6) potentially affected by CVE-2016-7036 via python-jose (=0.5.5)
python-jose PyPI version =0.5.5 is affected by a known vulnerability. The following packages have a transitive dependency on python-jose and may be impacted:
- datawire-cloudtools =0.2.6
Source CVEs: CVE-2016-7036
Source advisory: OSV:PYSEC-2017-28...
Code injection
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys...
PYSEC-2017-28
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys...
CVE-2016-7036
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys...
CVE-2016-7036
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys...