CNNVD-202510-1443 Information
CNNVD ID
CNNVD-202510-1443
Related CVE
- CNNVD Published: 2025-10-10
Description
python-jose is a JOSE implementation in Python maintained by individual developer Michael Davis. python-jose 3.3.0 and earlier versions contain a security vulnerability that stems from not enforcing rejection of alg=none tokens, which may allow authentication checks to be bypassed, leading in turn to privilege escalation or unauthorized access.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Individual developer
Published
2025-10-10
Last Modified
2026-02-24
References
https://github.com/javiermorales36/PoC-for-python-jose-alg-none-JWT-bypass-vulnerability/blob/main/CVE-2025-61152_Security_Advisory.md
https://github.com/mpdavis/python-jose/issues/391
https://pypi.org/project/python-jose
https://access.redhat.com/security/cve/cve-2025-61152
Patch
https://pypi.org/project/python-jose/