漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification
Vulnerability Description
Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application code when a failure was expected.. This issue has been patched in version 1.6.7.
CVSS Information
N/A
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
Authlib 数据伪造问题漏洞
Vulnerability Description
Authlib是Authlib开源的一个构建 OAuth 和 OpenID Connect 服务器的终极 Python 库。 Authlib 1.6.5至1.6.7之前版本存在数据伪造问题漏洞,该漏洞源于传递包含alg: none和空签名的恶意JWT时通过签名验证步骤,可能导致绕过预期失败。
CVSS Information
N/A
Vulnerability Type
N/A