漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
Vulnerability Description
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.9, a cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management algorithm. Authlib registers RSA1_5 in its default algorithm registry without requiring explicit opt-in, and actively destroys the constant-time Bleichenbacher mitigation that the underlying cryptography library implements correctly. This issue has been patched in version 1.6.9.
CVSS Information
N/A
Vulnerability Type
通过差异性导致的信息暴露
Vulnerability Title
Authlib 加密问题漏洞
Vulnerability Description
Authlib是Authlib开源的一个构建 OAuth 和 OpenID Connect 服务器的终极 Python 库。 Authlib 1.6.9之前版本存在加密问题漏洞,该漏洞源于JSON Web Encryption RSA1_5密钥管理算法实现存在加密填充预言机漏洞,可能破坏底层密码库的恒定时间缓解措施。
CVSS Information
N/A
Vulnerability Type
N/A