Vulnerabilities in jpadilla

8 results

CVE-2022-29217 [HIGH] Key confusion through non-blocklisted public key formats in PyJWT (EPSS 1.2%)
CVE-2024-53861 [LOW] Issuer field partial matches allowed in pyjwt (EPSS 0.8%)
CVE-2026-48525 [MEDIUM] PyJWT: Unauthenticated DoS via unbounded Base64URL decoding of unused payload segment in b64=false detached JWS (EPSS 0.3%)
CVE-2026-48524 [LOW] PyJWT: PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS) (EPSS 0.2%)
CVE-2026-48526 [HIGH] PyJWT: Public-key JWK accepted as HMAC secret enables forged HS256 tokens when mixed families are allowed (EPSS 0.2%)
CVE-2026-32597 [HIGH] PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation) (EPSS 0.2%)
CVE-2026-48522 [MEDIUM] PyJWKClient: missing scheme allowlist enables SSRF + token forgery via file://, ftp://, data: schemes (EPSS 0.2%)
CVE-2026-48523 [MEDIUM] PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys (EPSS 0.1%)