Authentication Bypass
Description
pyjwt is vulnerable to authentication bypass. The library permits an attacker who submits a JWT to choose which algorithm is used for signing, which allows weak public key formats that are not blocklisted to be accepted in the authentication process.
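
The caller-side defence against this class of flaw is to fix the accepted algorithm in server configuration and never take it from the token. The sketch below is an added example using only the Python standard library; it is not pyjwt's code or its fix, and PINNED_ALG, PUBLIC_KEY_MARKERS, verify_pinned and make_sample are hypothetical names with constructed sample data.

```python
import base64, hashlib, hmac, json

class RejectedToken(Exception):
    """Raised for any token or key this verifier refuses."""

# Assumption: this service only ever issues HS256 tokens. The pin lives in
# server configuration and is never derived from the token being checked.
PINNED_ALG = "HS256"
# Illustrative markers for asymmetric key material (not pyjwt's own list).
PUBLIC_KEY_MARKERS = (b"-----BEGIN", b"ssh-")

def _b64d(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def verify_pinned(token: str, secret: bytes) -> dict:
    """Verify a compact JWS with the pinned algorithm only; return its claims."""
    # Public-key material must never double as an HMAC secret.
    if secret.lstrip().startswith(PUBLIC_KEY_MARKERS):
        raise RejectedToken("public-key material used as HMAC secret")
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(_b64d(h64))
        sig = _b64d(s64)
    except (ValueError, TypeError) as exc:
        raise RejectedToken("malformed token") from exc
    # The header's alg is compared against the pin, never used for dispatch.
    if not isinstance(header, dict) or header.get("alg") != PINNED_ALG:
        raise RejectedToken("algorithm not allowed")
    expected = hmac.new(secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise RejectedToken("bad signature")
    return json.loads(_b64d(p64))

def make_sample(alg: str, secret: bytes) -> str:
    """Build a constructed sample token whose header claims `alg`."""
    h64 = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    p64 = _b64e(json.dumps({"sub": "alice"}).encode())
    sig = hmac.new(secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    return f"{h64}.{p64}.{_b64e(sig)}"
```

When verifying with pyjwt itself, the equivalent is to pass an explicit algorithms list to jwt.decode that contains only the algorithm matching the configured key type.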
References
https://github.com/jpadilla/pyjwt/releases/tag/2.4.0
https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc
https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24