Lucene search
Veracode Vulnerability DatabaseVERACODE:37285HistorySep 27, 2022 - 3:49 a.m.
Authentication Bypass
2022-09-2703:49:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
43
authentication
bypass
spoofing
jwt
sessions
software
EPSS
0.001
Percentile
38.3%
python-jwt is vulnerable to authentication bypass. An attacker can spoof the other user’s identities and hijack their sessions by obtaining the JWT token and arbitrarily forging its contents without knowing the secret key through the verify_jwt function of __init__.py
Related
cbl_mariner
cbl_mariner
CVE-2022-39227 affecting package python-jwt for versions less than 2.4.0-2
2022-10-17 22:54:37
CVE-2022-39227 affecting package python-jwt 2.4.0-1
2022-10-13 00:40:11
nessus
nessus
CBL Mariner 2.0 Security Update: python-jwt (CVE-2022-39227)
2023-03-28 00:00:00
cvelist
cvelist
CVE-2022-39227 Python-jwt subject to Authentication Bypass by Spoofing
2022-09-23 06:55:09
redhatcve
redhatcve
CVE-2022-39227
2022-09-26 08:49:08
nvd
nvd
CVE-2022-39227
2022-09-23 07:15:09
prion
prion
Authentication flaw
2022-09-23 07:15:00
osv
osv
python-jwt vulnerable to token forgery with new claims
2022-09-21 21:33:22
CVE-2022-39227
2022-09-23 07:15:09
PYSEC-2022-259
2022-09-01 18:51:51
github
github
python-jwt vulnerable to token forgery with new claims
2022-09-21 21:33:22
cve
cve
CVE-2022-39227
2022-09-23 07:15:09
githubexploit
githubexploit
vulnrichment
vulnrichment
CVE-2022-39227 Python-jwt subject to Authentication Bypass by Spoofing
2022-09-23 06:55:09