python-jwcrypto
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | Python implementation of JWK, JWS, JWE specifications |
| Version |
1.5.6-3 [extra-testing] 1.5.6-2 [extra] |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2797 | 1.3.1-1 | 1.4.0-1 | Medium | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2022-3102 | AVG-2797 | Medium | Yes | Authentication bypass | The JWT code can auto-detect the type of token being provided, and this can lead the application to incorrect conclusions about the trustworthiness of the... |