Security Update Advisory for python-jwt Package (CVE-2022-39227)
Overview
An update has been made available to fix vulnerabilities in the python-jwt package. Users of affected versions are advised to update to the latest version.
Affected Products
Versions of the python-jwt package prior to 3.3.4
Resolved Vulnerabilities
A vulnerability in the python-jwt package that allows the content of a generated JWT to be manipulated, which could let an attacker impersonate another user or bypass authentication (CVE-2022-39227)
Vulnerability Patches
The vulnerability patches were made available in the September 1, 2022 update. Please update to the patched version listed below, as described on the referenced sites.
python-jwt package version 3.3.4
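As an added example (not part of this advisory or the python-jwt project), the following Python script checks requirements.txt or pip freeze style lines for python-jwt pins older than the fixed version 3.3.4 named above; the sample lines and helper names are constructed for illustration.

```python
import re
from typing import List, Tuple

PKG = "python-jwt"   # PyPI name from the advisory (the import name is python_jwt)
FIXED = "3.3.4"      # first fixed version named in the advisory (CVE-2022-39227)


def normalize(name: str) -> str:
    """PEP 503 normalisation so python_jwt, Python.JWT and python-jwt compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(version: str) -> Tuple[int, ...]:
    """Leading dotted integers as a tuple; avoids the '3.10.0' < '3.3.4' string-compare trap."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version: str) -> bool:
    """True when the pinned python-jwt version is older than the fix."""
    return parse_version(version) < parse_version(FIXED)


def scan_requirements(lines: List[str]) -> List[Tuple[str, str]]:
    """One verdict per python-jwt line: 'affected', 'fixed' or 'unpinned' (no exact pin)."""
    verdicts = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(===|==)?\s*([0-9][0-9.]*)?", line)
        if not m or normalize(m.group(1)) != PKG:
            continue                                  # not the package in question
        op, ver = m.group(2), m.group(3)
        if op is None or ver is None:
            verdicts.append((line, "unpinned"))       # range specs need a resolver
        elif is_affected(ver):
            verdicts.append((line, "affected"))
        else:
            verdicts.append((line, "fixed"))
    return verdicts


# Constructed sample input, not taken from any real project.
SAMPLE = [
    "python_jwt==3.3.3   # pinned before the fix",
    "python-jwt>=3.0",
    "python-jwt==3.3.4",
]

if __name__ == "__main__":
    for line, verdict in scan_requirements(SAMPLE):
        print(f"{line:<24} {verdict}")
```

Lines reported as "unpinned" must be resolved against the installed environment (for example with pip freeze) before a verdict can be given.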
Referenced Sites
[1] CVE-2022-39227 Detail
https://nvd.nist.gov/vuln/detail/CVE-2022-39227
[2] Token forgery with new claims
https://github.com/davedoesdev/python-jwt/security/advisories/GHSA-5p8v-58qm-c7fp
[3] fix vulnerability
https://github.com/davedoesdev/python-jwt/commit/88ad9e67c53aa5f7c43ec4aa52ed34b7930068c9
[4] PYSEC-2022-259 now has a CVE assigned (#101)
https://github.com/pypa/advisory-database/blob/main/vulns/python-jwt/PYSEC-2022-259.yaml