PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT ...
Continue Reading30 мая, 2022
### Impact _What kind of vulnerability is it? Who is impacted?_ Disclosed by Aapo Oksman (Senior Security Specialist, Nixu Corporation). > PyJWT supports multiple different JWT signing algorithms. ...
Continue Reading30 мая, 2022
github.com/argoproj/argo-cd is vulnerable to user impersonation. An attacker is able to send an invalid JSON Web Token (JWT) along with a request if anonymous access to the Argo CD instance is enabled ...
Continue Reading30 мая, 2022
A flaw was found in the ArgoCD component of Red Hat GitOps, where an unauthenticated attacker can craft a malicious JWT token while ArgoCD's anonymous access is enabled and gains full access to the Ar ...
Continue Reading30 мая, 2022
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * argocd: ArgoCD will blindly trust JWT claims if anonymous access is ...
Continue Reading30 мая, 2022
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * argocd: ArgoCD will blindly trust JWT claims if anonymous access is ...
Continue Reading30 мая, 2022
## Overview "The package `grpc` before 1.24.4 and the package `@grpc/grpc-js` before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition." ## Recommendation Upgrade to version 1.1.8 ...
Continue Reading30 мая, 2022
"The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition."Read More ...
Continue Reading30 мая, 2022
Back to Main