DSA-3293 pyjwt - security update
|
Información sobre el sistema
|
|
|
Software afectado |
Debian |
Descripción
|
Tim McLean discovered that pyjwt, a Python implementation of JSON WebToken, would try to verify an HMAC signature using an RSA or ECDSA publickey as secret. This could allow remote attackers to trick applicationsexpecting tokens signed with asymmetric keys, into accepting arbitrarytokens. For more information see: https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/.
More info:
https://www.debian.org/security/2015/dsa-3293 |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
DSA-3293. |