CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29217 – Key confusion through non-blocklisted public key formats in PyJWT
https://notcve.org/view.php?id=CVE-2022-29217
PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. • https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc https://github.com/jpadilla/pyjwt/releases/tag/2.4.0 https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PK7IQCBVNLYJEFTPHBBPFP72H4WUFNX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HIYEYZRQEP6QTHT3EHH3RGFYJIHIMAO • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-11424
https://notcve.org/view.php?id=CVE-2017-11424
In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch. En PyJWT 1.5.0 y anteriores, la comprobación `invalid_strings` en `HMACAlgorithm.prepare_key` no da cuenta de todas las claves públicas codificadas PEM. Específicamente, el formato codificado PKCS1 PEM se permitiría porque va precedido por la cadena `-----BEGIN RSA PUBLIC KEY-----`, la cual no se tiene en cuenta. • http://www.debian.org/security/2017/dsa-3979 https://github.com/jpadilla/pyjwt/pull/277 •