Risky algorithms (algorithm confusion) in PyJWT (CVE-2022-29217)

CVEs

7.5 High Severity

Summary

A threat actor can craft a token in the vulnerable versions of PyJWT using the wrong key and algorithm combination and have this token validated when an algorithm isn't specified during decoding. This analysis explores this possibility and suggests mitigation methods to keep users safe.
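
The confusion described above, as an added standard-library sketch that is not PyJWT's code or code from the original analysis: a verifier that lets the token header pick the algorithm, next to one where the caller pins it. The key values, function names and the key-format check are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Constructed stand-in for a verifier's published public key (not a real key).
PUBLIC_KEY = b"-----BEGIN PUBLIC KEY-----\nQ09OU1RSVUNURUQ=\n-----END PUBLIC KEY-----\n"
SHARED_SECRET = b"constructed-hmac-secret"  # constructed sample value

def b64url(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def b64url_decode(data: bytes) -> bytes:
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def hs256(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_hs256_token(key: bytes, claims: dict) -> bytes:
    """Build an HS256 token; used here only to produce test inputs."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return head + b"." + body + b"." + b64url(hs256(key, head + b"." + body))

def header_driven_verify(token: bytes, key: bytes) -> bool:
    """Risky pattern: the token's own header chooses how `key` is used."""
    head, body, sig = token.split(b".")
    if json.loads(b64url_decode(head))["alg"] == "HS256":
        return hmac.compare_digest(hs256(key, head + b"." + body), b64url_decode(sig))
    return False  # asymmetric branch omitted in this sketch

def pinned_verify(token: bytes, key: bytes, expected_alg: str) -> dict:
    """Hardened pattern: the caller pins the algorithm; the header must match."""
    head, body, sig = token.split(b".")
    if json.loads(b64url_decode(head)).get("alg") != expected_alg:
        raise ValueError("token algorithm does not match the pinned algorithm")
    if expected_alg != "HS256":
        raise NotImplementedError("only HS256 is implemented in this sketch")
    # Assumed extra guard: refuse PEM/SSH-looking key material as an HMAC secret.
    if b"-----BEGIN" in key or key.startswith(b"ssh-"):
        raise ValueError("asymmetric key material must not be an HMAC secret")
    if not hmac.compare_digest(hs256(key, head + b"." + body), b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

# Constructed input: an HS256 token keyed with the public key bytes.
confused = make_hs256_token(PUBLIC_KEY, {"sub": "admin"})
```

The header-driven verifier accepts `confused` because anyone holding the public key can compute the same HMAC; the pinned verifier rejects it on both the algorithm mismatch and the key-format guard.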

Description
