Aapo Oksman discovered that PyJWT incorrectly handled signatures
constructed from SSH public keys. A remote attacker could use this to forge
a JWT signature.

References

ubuntu.com/security/CVE-2022-29217

ubuntu.com/security/notices/USN-5526-1

nessus 6

prion 1

veracode 1

openvas 14

osv 5

ibm 4

cbl_mariner 2

debiancve 2

fedora 2

redhatcve 2

cve 2

ubuntucve 2

github 2

alpinelinux 1

cvelist 2

mageia 1

nessus

EulerOS 2.0 SP9 : python-jwt (EulerOS-SA-2022-2302)

2022-09-14 00:00:00

EulerOS 2.0 SP10 : python-jwt (EulerOS-SA-2022-2434)

2022-10-08 00:00:00

Amazon Linux 2022 : python-jwt (ALAS2022-2022-241)

2022-12-09 00:00:00

prion

Code injection

2022-05-24 15:15:00

veracode

Authentication Bypass

2022-05-25 07:35:03

openvas

Ubuntu: Security Advisory (USN-5526-1)

2022-07-21 00:00:00

openSUSE: Security Advisory for python-PyJWT (SUSE-SU-2022:2402-1)

2022-07-15 00:00:00

Fedora: Security Advisory for python-jwt (FEDORA-2022-3cf456dc20)

2022-05-28 00:00:00

osv

Key confusion through non-blocklisted public key formats

2022-05-24 22:17:27

CVE-2022-29217

2022-05-24 15:15:07

PYSEC-2022-202

2022-05-24 15:15:00

ibm

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in PyJWT

2022-08-03 19:34:31

Security Bulletin: Multiple vulnerabilities affect IBM Db2 On Openshift, IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data

2022-10-27 15:10:28

Security Bulletin: Multiple Vulnerabilities in Cloud Pak for Watson AIOPs

2022-10-03 18:44:01

cbl_mariner

CVE-2022-29217 affecting package python-jwt for versions less than 2.4.0-1

2022-06-26 03:29:33

CVE-2022-29217 affecting package python-jwt 1.7.1-9

2022-07-14 20:59:55

debiancve

CVE-2022-29217

2022-05-24 15:15:00

CVE-2024-33663

2024-04-26 00:15:09

fedora

[SECURITY] Fedora 35 Update: python-jwt-2.4.0-1.fc35

2022-06-01 01:27:09

[SECURITY] Fedora 36 Update: python-jwt-2.4.0-1.fc36

2022-05-27 01:10:44

redhatcve

CVE-2022-29217

2022-05-25 02:21:09

CVE-2024-33663

2024-04-26 06:04:23

cve

CVE-2022-29217

2022-05-24 15:15:00

CVE-2024-33663

2024-04-26 00:15:09

ubuntucve

CVE-2022-29217

2022-05-24 00:00:00

CVE-2024-33663

2024-04-26 00:00:00

github

Key confusion through non-blocklisted public key formats

2022-05-24 22:17:27

python-jose algorithm confusion with OpenSSH ECDSA keys

2024-04-26 00:30:35

alpinelinux

CVE-2022-29217

2022-05-24 15:15:00

cvelist

CVE-2022-29217 Key confusion through non-blocklisted public key formats in PyJWT

2022-05-24 14:10:10

CVE-2024-33663

2024-04-25 00:00:00

mageia

Updated python-pyjwt packages fix security vulnerability

2022-07-01 00:31:09

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.3%

JSON

Related for OSV:USN-5526-1