Safety vulnerability ID: 74429
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of pyjwt are vulnerable to Partial Comparison (CWE-187). This flaw allows attackers to bypass issuer (iss) verification by providing partial matches, potentially granting unauthorized access. The vulnerability arises in the decode method of api_jwt.py, where issuer validation incorrectly treats strings as sequences, leading to partial matches (e.g., "abc" being accepted for "__abc__"). Exploiting this requires crafting JWTs with partially matching iss claims, which is straightforward.
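The comparison flaw described above, shown next to a strict check, as an added example. This is not PyJWT's code: the function names are hypothetical and the issuer values are constructed from the advisory's own "abc" / "__abc__" illustration.

```python
from collections.abc import Sequence

# Constructed sample value, taken from the advisory's illustration.
EXPECTED_ISSUER = "__abc__"


def issuer_ok_partial(claim_iss, expected):
    """Flawed pattern: a str is itself a Sequence, so `in` is a substring test."""
    if isinstance(expected, Sequence):
        return claim_iss in expected
    return claim_iss == expected


def issuer_ok_exact(claim_iss, expected):
    """Strict pattern: equality for a single issuer, membership for a collection."""
    if not isinstance(claim_iss, str):
        return False  # a non-string iss claim can never match
    if isinstance(expected, str):
        return claim_iss == expected
    return claim_iss in list(expected)  # list membership compares whole strings


def compare(claims, expected):
    """Return (iss, flawed_result, strict_result) for each candidate iss claim."""
    return [
        (iss, issuer_ok_partial(iss, expected), issuer_ok_exact(iss, expected))
        for iss in claims
    ]


if __name__ == "__main__":
    for iss, flawed, strict in compare(["__abc__", "abc", "xyz"], EXPECTED_ISSUER):
        print(f"iss={iss!r:10} flawed={flawed!s:5} strict={strict}")
```

The same three claims work as a regression test against an application's own issuer check: only the exact value should be accepted, whether the expected issuer is configured as a string or as a list.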
Latest version: 2.10.1
JSON Web Token implementation in Python