CVE-2024-37568

June 9, 2024, 7:15 p.m.

Product(s) Impacted

Authlib

  • before 1.3.1

Description

lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.)
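The flaw described above, modelled with the Python standard library beside a hardened verifier. This is an added example, not Authlib's code; the function names, the marker list, the PEM stand-in and the shared secret are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json

# Constructed stand-in for a PEM public key: public material, not a secret.
PUBLIC_PEM = b"-----BEGIN PUBLIC KEY-----\nCONSTRUCTED-SAMPLE\n-----END PUBLIC KEY-----\n"
SHARED_SECRET = b"constructed-shared-secret"
# Assumed prefixes that mark asymmetric key material (illustrative, not exhaustive).
ASYMMETRIC_MARKERS = (b"-----BEGIN ", b"ssh-rsa ", b"ssh-ed25519 ", b"ecdsa-sha2-")

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def b64url_decode(seg):
    return base64.urlsafe_b64decode(seg + b"=" * (-len(seg) % 4))

def hs256_token(claims, key):
    """Build an HS256 token; used only to create constructed test input."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, head + b"." + body, hashlib.sha256).digest()
    return head + b"." + body + b"." + b64url(sig)

def header_alg(token):
    return json.loads(b64url_decode(token.split(b".")[0])).get("alg")

def hs256_ok(token, key):
    signing_input, _, sig = token.rpartition(b".")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig))

def verify_header_trusting(token, key):
    """Weak model: the token's own header picks the algorithm for the configured key."""
    return header_alg(token) == "HS256" and hs256_ok(token, key)

def verify_pinned(token, key, allowed_algs):
    """Hardened model: the caller pins algorithms; asymmetric keys never feed HMAC."""
    alg = header_alg(token)
    if alg not in allowed_algs:
        return False  # header asked for an algorithm the caller did not allow
    if alg == "HS256" and not key.lstrip().startswith(ASYMMETRIC_MARKERS):
        return hs256_ok(token, key)
    return False  # RS256 needs a crypto library and is not modelled here

if __name__ == "__main__":
    confused = hs256_token({"sub": "constructed"}, PUBLIC_PEM)
    print(verify_header_trusting(confused, PUBLIC_PEM))
    print(verify_pinned(confused, PUBLIC_PEM, {"RS256"}))
    print(verify_pinned(confused, PUBLIC_PEM, {"HS256"}))
```

The pinned variant mirrors the condition in the description: once the caller specifies the algorithm, the token header no longer decides how the configured key is used.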

Weaknesses

Date

Published: June 9, 2024, 7:15 p.m.

Last Modified: June 9, 2024, 7:15 p.m.

Status: Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

References

https://github.com/ cve@mitre.org