CNNVD-202509-3540 Information
CNNVD ID
CNNVD-202509-3540
Related CVE
- CNNVD Published: 2025-09-22
Description (Chinese)
Authlib is an open-source project by Authlib: the ultimate Python library for building OAuth and OpenID Connect servers. Versions of Authlib before 1.6.4 contain a security vulnerability that stems from JWS verification accepting tokens that declare unknown critical header parameters, which may lead to policy bypass, replay, or privilege escalation.
Description (English)
Authlib is the ultimate Python library for building OAuth and OpenID Connect servers. Versions of Authlib before 1.6.4 contain a security vulnerability: JWS verification accepts tokens that declare unknown critical header parameters, which can lead to policy bypass, replay, or privilege escalation.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Authzed
Published
2025-09-22
Last Modified
2026-02-24
References
https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df
https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32
https://access.redhat.com/security/cve/cve-2025-59420
https://vigilance.fr/vulnerability/Authlib-write-access-via-Critical-Header-48607
Patch
https://github.com/authlib/authlib/releases