Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time
id: PYSEC-2022-259
details: An attacker who obtains a JWT can arbitrarily forge its contents without
knowing the secret key. Depending on the application, this may for example enable
the attacker to spoof other user's identities, hijack their sessions, or bypass
authentication.
modified: '2022-09-05T01:24:44.773501Z'
published: '2022-09-01T18:51:51Z'
references:
- type: FIX
url: https://github.com/davedoesdev/python-jwt/commit/88ad9e67c53aa5f7c43ec4aa52ed34b7930068c9
affected:
- package:
name: python-jwt
ecosystem: PyPI
purl: pkg:pypi/python-jwt
ranges:
- type: GIT
repo: https://github.com/davedoesdev/python-jwt
events:
- introduced: f6d1451012c6a04c2fb1940f0bbd93bb6cf2b025
- fixed: 88ad9e67c53aa5f7c43ec4aa52ed34b7930068c9
- type: ECOSYSTEM
events:
- introduced: 3.0.0
- fixed: 3.3.4
versions:
- 3.3.0
- 3.1.0
- 3.2.0
- 3.2.1
- 3.2.2
- 3.2.3
- 3.2.4
- 3.2.5
- 3.2.6
- 3.3.0
- 3.3.1
- 3.3.2
- 3.3.3
- 3.0.0
aliases:
- CVE-2022-39227
- GHSA-5p8v-58qm-c7fp