Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)
Vulnerability Description
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC. This vulnerability is fixed in 2.12.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
pyjwt 安全漏洞
Vulnerability Description
pyjwt是美国José Padilla个人开发者的一个 Python 库。允许对 JSON Web 令牌(JWT)进行编码和解码。 pyjwt存在安全漏洞,该漏洞源于未验证crit关键标头参数,可能导致接受包含未知扩展的JWS令牌。
CVSS Information
N/A
Vulnerability Type
N/A