Lucene search
+L

29 matches found

astralinux
astralinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in pyjwt

PyJWT is an implementation of JSON Web Tokens in Python. Before version 2.12.0, PyJWT did not validate the Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a critical array listing extensions that PyJWT does not understand, the library accepts the token instead of...

7.5CVSS6.6AI score0.00269EPSS
Exploits1References3
redhat
redhat
added 2026/06/01 9:8 p.m.12 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS7.1AI score0.00269EPSS
Exploits1References5
redhat
redhat
added 2026/05/19 10:5 p.m.11 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS6.6AI score0.00269EPSS
Exploits1References5
susecve
susecve
added 2026/05/07 2:21 a.m.6 views

SUSE CVE-2026-32597

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 �4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting...

7.5CVSS7.2AI score0.00269EPSS
Exploits1References11
redhat
redhat
added 2026/05/06 6:40 a.m.9 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS6.6AI score0.00269EPSS
Exploits1References5
redhat
redhat
added 2026/05/05 10:32 a.m.9 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS7.2AI score0.00269EPSS
Exploits1References5
redhat
redhat
added 2026/05/04 2:31 p.m.8 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS6.6AI score0.00269EPSS
Exploits1References5
redhat
redhat
added 2026/05/04 2:10 p.m.7 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS6.6AI score0.00269EPSS
Exploits1References5
redhat
redhat
added 2026/04/30 10:22 a.m.11 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS8.5AI score0.00269EPSS
Exploits1References5
redhatcve
redhatcve
added 2026/04/07 5:3 p.m.4 views

CVE-2026-35042

fast-jwt provides fast JSON Web Token JWT implementation. In 6.1.0 and earlier, fast-jwt does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token...

7.5CVSS5.9AI score0.00155EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/04/06 12:0 a.m.11 views

fast-jwt 安全漏洞

fast-jwt is a JSON Web Token implementation open-sourced by Nearform. Versions of fast-jwt up to 6.1.0 contained security vulnerabilities, which stemmed from the lack of verification of the crit header parameter. This allowed tokens containing unknown extensions to be accepted...

7.5CVSS5.7AI score0.00155EPSS
Exploits1References2
github
github
added 2026/04/03 10:1 p.m.15 views

fast-jwt accepts unknown `crit` header extensions (RFC 7515 violation)

Summary fast-jwt does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. ---...

7.5CVSS5.9AI score0.00155EPSS
Exploits1References5Affected Software1
osv
osv
added 2026/04/03 10:1 p.m.4 views

GHSA-HM7R-C7QW-GHP6 fast-jwt accepts unknown `crit` header extensions (RFC 7515 violation)

Summary fast-jwt does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. ---...

7.5CVSS5.9AI score0.00155EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/04/03 12:0 a.m.12 views

PT-2026-30280

Summary fast-jwt does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. ---...

7.5CVSS5.9AI score0.00244EPSS
Exploits2References6
github
github
added 2026/03/13 8:5 p.m.5 views

PyJWT accepts unknown `crit` header extensions

Summary PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This is t...

7.5CVSS5.8AI score0.00269EPSS
Exploits1References5Affected Software1
euvd
euvd
added 2026/03/13 8:5 p.m.4 views

EUVD-2026-11728

PyJWT accepts unknown crit header extensions...

7.5CVSS5.8AI score0.00269EPSS
Exploits1References1
osv
osv
added 2026/03/13 8:5 p.m.3 views

GHSA-752W-5FWX-JX9F PyJWT accepts unknown `crit` header extensions

Summary PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This is t...

7.5CVSS5.8AI score0.00269EPSS
Exploits1References5
osv
osv
added 2026/03/13 7:55 p.m.2 views

DEBIAN-CVE-2026-32597

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting...

7.5CVSS7.2AI score0.00269EPSS
Exploits1References1
pypa
pypa
added 2026/03/13 7:55 p.m.16 views

PYSEC-2026-120

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting...

7.5CVSS6.8AI score0.00269EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2026/03/12 9:41 p.m.5 views

CVE-2026-32597 PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting...

7.5CVSS5.8AI score0.00269EPSS
Exploits1References1
Rows per page
Query Builder