python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or auth ...
Continue Reading26 сентября, 2022
HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1 ...
Continue Reading24 сентября, 2022
HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1 ...
Continue Reading23 сентября, 2022
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
Continue Reading23 сентября, 2022
HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1 ...
Continue Reading22 сентября, 2022
jwcrypto is vulnerable to authorization bypass. The vulnerability is due to JWT auto-detecting the token type; under certain circumstances, it's possible to substitute a signed JWS token with a JWE to ...
Continue Reading22 сентября, 2022
### Impact An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's ...
Continue Reading21 сентября, 2022
### Impact An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's ...
Continue Reading21 сентября, 2022
Back to Main