Mageia: 2024-0238 Moderate: python-authlib Algorithm Confusion Issue
mageia
June 25, 2024
Authlib before 1.3.1 has algorithm confusion with asymmetric public keys
Summary
Authlib before 1.3.1 has algorithm confusion with asymmetric public
keys. Unless an algorithm is specified in a jwt.decode call, HMAC
verification is allowed with any asymmetric public key. (This is similar
to CVE-2022-29217 and CVE-2024-33663.)
References
- https://bugs.mageia.org/show_bug.cgi?id=33315
- https://lists.suse.com/pipermail/sle-updates/2024-June/035616.html
- https://www.cve.org/CVERecord?id=CVE-2024-37568
Topics Covered
Resolution
SRPMS
- 9/core/python-authlib-1.3.1-1.mga9
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Publication date: 25 Jun 2024
URL: https://advisories.mageia.org/MGASA-2024-0238.html
Type: security
CVE: CVE-2024-37568
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!