Lucene search
Veracode Vulnerability DatabaseVERACODE:4916HistoryAug 16, 2017 - 10:26 p.m.
Key Confusion Attacks
2017-08-1622:26:05
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
EPSS
0.001
Percentile
35.1%
PyJWT is vulnerable to asymmetric/symmetric key confusion attacks. PKCS1 PEM keys that begin with -----BEGIN RSA PUBLIC KEY----- will not be rejected by the invalid_strings check in HMACAlgorithm.prepare_key. Using this flaw, attackers can cause symmetric/asymmetric confusion and create JWTs from scratch.
Related
debian
debian
[SECURITY] [DSA 3979-1] pyjwt security update
2017-09-19 20:55:50
github
github
PyJWT vulnerable to key confusion attacks
2022-05-13 01:42:19
prion
prion
Type confusion
2017-08-24 16:29:00
osv
osv
pyjwt - security update
2017-09-19 00:00:00
PYSEC-2017-24
2017-08-24 16:29:00
CVE-2017-11424
2017-08-24 16:29:00
openvas
openvas
Ubuntu: Security Advisory (USN-3407-1)
2018-10-26 00:00:00
Fedora Update for python-jwt FEDORA-2017-b9f07dfaca
2017-09-28 00:00:00
Debian: Security Advisory (DSA-3979-1)
2017-09-18 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: python-jwt-1.5.3-1.fc27
2017-09-30 07:36:29
[SECURITY] Fedora 26 Update: python-jwt-1.5.3-1.fc26
2017-09-25 00:53:39
ubuntucve
ubuntucve
CVE-2017-11424
2017-08-24 00:00:00
debiancve
debiancve
CVE-2017-11424
2017-08-24 16:29:00
nessus
nessus
Debian DSA-3979-1 : pyjwt - security update
2017-09-20 00:00:00
Fedora 26 : python-jwt (2017-b9f07dfaca)
2017-09-25 00:00:00
Fedora 27 : python-jwt (2017-0cc84101de)
2018-01-15 00:00:00
redhatcve
redhatcve
CVE-2017-11424
2017-08-25 08:48:29
cvelist
cvelist
CVE-2017-11424
2017-08-24 16:00:00
ubuntu
ubuntu
PyJWT vulnerability
2017-08-30 00:00:00
cve
cve
CVE-2017-11424
2017-08-24 16:29:00
CVE-2017-12880
2017-08-16 14:29:00
nvd
nvd
CVE-2017-11424
2017-08-24 16:29:00
CVE-2017-12880
2017-08-16 14:29:00