Search CVE reports
11 – 11 of 11 results
Some fixes available 2 of 7
lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar...
1 affected package
python-authlib
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| python-authlib | Needs evaluation | Fixed | Fixed | Not in release | — |