CNNVD-202510-1416 Information
CNNVD ID
CNNVD-202510-1416
Related CVE
CVE-2025-61920 (the CVE identifier given in the Red Hat reference below)
- CNNVD Published: 2025-10-10
Description (Chinese, translated)
Authlib is an open-source Python library by Authlib for building OAuth and OpenID Connect servers. Authlib versions prior to 1.6.5 contain a security vulnerability: the JOSE implementation accepts JWS/JWT header and signature segments of unbounded size, which may lead to a denial-of-service attack.
Description (English)
Authlib is a Python library for building OAuth and OpenID Connect servers. Authlib versions before 1.6.5 contain a vulnerability in the JOSE implementation: it accepts JWS/JWT header and signature segments of unbounded size, so a crafted token with very large segments is fully base64-decoded and parsed before any check rejects it, which can lead to a denial of service.
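The following is an added illustration written for this entry, not Authlib's code and not the referenced fix commit: a minimal compact-serialization JWS parser that caps the length of each segment before base64url-decoding or JSON-parsing it, then verifies an HS256 signature. The limits (MAX_HEADER_LEN, MAX_SIGNATURE_LEN, MAX_PAYLOAD_LEN), the key and the tokens are constructed assumptions for demonstration only.

```python
"""
Added example (not Authlib's code): bound JWS/JWT header and signature
segments by length before decoding them, so an oversized segment costs a
cheap length check rather than a base64 decode plus a JSON parse.
"""
import base64
import hashlib
import hmac
import json
from typing import Tuple

# Assumed limits for illustration (not taken from Authlib or the advisory).
MAX_HEADER_LEN = 4096        # characters of base64url text
MAX_SIGNATURE_LEN = 1024
MAX_PAYLOAD_LEN = 64 * 1024


class JWSError(ValueError):
    """Raised for any malformed or unverifiable token."""


def _b64url_decode(segment: str) -> bytes:
    # Compact JWS uses unpadded base64url; restore the padding first.
    pad = -len(segment) % 4
    return base64.urlsafe_b64decode(segment + "=" * pad)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def split_compact_jws(token: str) -> Tuple[str, str, str]:
    """Split 'header.payload.signature' and reject oversized segments
    before anything is decoded."""
    parts = token.split(".")
    if len(parts) != 3:
        raise JWSError("expected three dot-separated segments")
    header, payload, signature = parts
    if not header or not signature:
        raise JWSError("empty header or signature segment")
    if len(header) > MAX_HEADER_LEN:
        raise JWSError("header segment too large")
    if len(payload) > MAX_PAYLOAD_LEN:
        raise JWSError("payload segment too large")
    if len(signature) > MAX_SIGNATURE_LEN:
        raise JWSError("signature segment too large")
    return header, payload, signature


def verify_hs256(token: str, key: bytes) -> dict:
    """Verify an HS256 compact JWS and return its decoded payload."""
    header_b64, payload_b64, sig_b64 = split_compact_jws(token)
    try:
        header = json.loads(_b64url_decode(header_b64))
    except ValueError as exc:  # binascii.Error and JSON errors are ValueErrors
        raise JWSError("header is not valid base64url JSON") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise JWSError("unsupported or missing alg")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    try:
        actual = _b64url_decode(sig_b64)
    except ValueError as exc:
        raise JWSError("signature is not valid base64url") from exc
    if not hmac.compare_digest(expected, actual):
        raise JWSError("signature mismatch")
    try:
        return json.loads(_b64url_decode(payload_b64))
    except ValueError as exc:
        raise JWSError("payload is not valid base64url JSON") from exc


def sign_hs256(claims: dict, key: bytes) -> str:
    """Produce a well-formed HS256 token for the demonstration."""
    header = json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":"))
    header_b64 = _b64url_encode(header.encode("utf-8"))
    payload_b64 = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode("utf-8"))
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{_b64url_encode(sig)}"


def is_rejected(token: str, key: bytes) -> bool:
    try:
        verify_hs256(token, key)
        return False
    except JWSError:
        return True


# Constructed demo key and tokens (not real credentials or captured traffic).
KEY = b"constructed-demo-key-not-for-production"
GOOD = sign_hs256({"sub": "alice"}, KEY)
_h, _p, _s = GOOD.split(".")
# Abusive shapes the advisory describes: a header or signature segment far
# larger than any legitimate token. Both fail the length check before decoding.
OVERSIZED_HEADER = "A" * (MAX_HEADER_LEN + 1) + "." + _p + "." + _s
OVERSIZED_SIG = _h + "." + _p + "." + "A" * (MAX_SIGNATURE_LEN + 1)

if __name__ == "__main__":
    print(verify_hs256(GOOD, KEY))
    print(is_rejected(OVERSIZED_HEADER, KEY), is_rejected(OVERSIZED_SIG, KEY))
```

The ordering is the point: the length checks in split_compact_jws run on the raw base64url text, so the expensive work (decoding, JSON parsing, HMAC) is only ever done on segments that are already within the configured bound.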
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Authlib
Published
2025-10-10
Last Modified
2026-02-24
References
https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e
https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9
https://vigilance.fr/vulnerability/Authlib-overload-via-JOSE-JWS-JWT-Header-Signature-Segments-48573
https://access.redhat.com/security/cve/cve-2025-61920
Patch
https://github.com/authlib/authlib/releases