7 matches found
ROOT-APP-PYPI-CVE-2025-61920 CVE-2025-61920 in rootio-Authlib - Patched by Root
Root has patched CVE-2025-61920 in the rootio-Authlib package for Root:PyPI. Multiple fixed versions available...
openSUSE Security Advisory (SUSE-SU-2025:3754-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-61920 vulnerabilities
Vulnerabilities for packages: mlflow...
python311-Authlib-1.6.5-1.1 on GA media (moderate)
python311-Authlib-1.6.5-1.1 on GA media Announcement ID: openSUSE-SU-2025:15629-1 Rating: moderate Cross-References: CVE-2025-61920 CVSS scores: CVE-2025-61920 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-61920 SUSE : 8.7...
aad-fastapi (>=1.0.0 <=1.1.2), aad-fastapi-dl37 (>=1.0.0 <=1.0.3) +268 more potentially affected by CVE-2025-61920 via authlib (>=0.10.0 <=1.6.4)
authlib PYPI version =0.10.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =1.0.2, =1.2.0a20250730, =1.1.0, =1.2.0a20250730, =0.4.0, =0.1.0, =0.1.0a1, =1.2.0, =1.2.0a20250730, =1.2.0a20250730, =1.2.0a20250730, =1.2.0rc4 and more Source cves: CVE-2025-61920 Source advisory: OSV:GHSA-PQ5P-34CR-23V9...
CVE-2025-61920
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JOSE implementation accepts unbounded JWS/JWT header and signature segments. A remote attacker can craft a token whose base64url‑encoded header or signature spans hundreds of megabytes...
CVE-2025-61920
creationtimestamp| type| source ---|---|--- 2025-10-10 02:28:44+00:00| published-proof-of-concept| https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9...