CNNVD-202511-1960 Information
CNNVD ID
CNNVD-202511-1960
Related CVE
- CNNVD Published: 2025-11-18
Description
joserfc is an open-source Python library maintained by Authlib. joserfc versions 1.3.3 up to but not including 1.3.5, and 1.4.0 up to but not including 1.4.2, contain a security vulnerability: the message of the ExceededSizeError exception embeds the undecoded JWT token segment that exceeded the size limit, so any code that logs the exception text may write an arbitrarily large forged JWT payload to its logs.
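The failure mode described above, as an added illustration that is not joserfc's code: a simplified segment decoder in the vulnerable pattern (the raw segment is interpolated into the error message) next to the hardened pattern (only the size is reported), and a caller that logs str(exc) the way a typical service would. The MAX_SEGMENT_SIZE limit, the ExceededSizeError stand-in class and the forged token are all constructed for this example and do not reflect joserfc's actual limits or internals.

```python
import base64
import io
import logging

# Hypothetical limit for the demo; joserfc's real size limits differ.
MAX_SEGMENT_SIZE = 256


class ExceededSizeError(Exception):
    """Stand-in for a size-limit exception; not joserfc's class."""


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_segment_vulnerable(segment: str) -> bytes:
    # Vulnerable pattern: the raw, undecoded segment is embedded in the message,
    # so whoever logs the exception also logs the attacker-supplied data.
    if len(segment) > MAX_SEGMENT_SIZE:
        raise ExceededSizeError(f"Segment exceeds size limit: {segment}")
    return _b64url_decode(segment)


def decode_segment_fixed(segment: str) -> bytes:
    # Hardened pattern: report only the size, never the untrusted bytes.
    if len(segment) > MAX_SEGMENT_SIZE:
        raise ExceededSizeError(
            f"Segment of {len(segment)} characters exceeds the limit "
            f"of {MAX_SEGMENT_SIZE} characters"
        )
    return _b64url_decode(segment)


def handle_token(token: str, decoder) -> str:
    """Simulate a service that decodes each segment, logs any decode failure
    with str(exc), and return exactly what was written to its log."""
    buf = io.StringIO()
    logger = logging.getLogger(f"demo.{decoder.__name__}")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.WARNING)
    handler = logging.StreamHandler(buf)
    logger.addHandler(handler)
    try:
        for segment in token.split("."):
            decoder(segment)
    except ExceededSizeError as exc:
        logger.warning("JWT rejected: %s", exc)
    finally:
        logger.removeHandler(handler)
    return buf.getvalue()


def forged_token(payload_size: int) -> str:
    # Constructed input: a JWT-shaped string whose payload segment is as large
    # as the attacker likes. The signature is junk; it is never checked here.
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = enc(b'{"alg":"HS256","typ":"JWT"}')
    payload = enc(b"A" * payload_size)
    signature = enc(b"\x00" * 32)
    return f"{header}.{payload}.{signature}"


if __name__ == "__main__":
    token = forged_token(100_000)
    print(len(handle_token(token, decode_segment_vulnerable)), "bytes logged (vulnerable)")
    print(handle_token(token, decode_segment_fixed).strip(), "(fixed)")
```

With a 100 KB forged payload the vulnerable decoder causes well over 100 KB to be written per rejected token, which is the log-flooding and untrusted-data-in-logs problem the advisory describes; the fixed decoder writes a fixed-size line. When auditing a wrapper around joserfc, the check is the same: make sure nothing formats an exception that may carry token material into a log without truncation.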
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Authlib
Published
2025-11-18
Last Modified
2026-02-24
References
https://github.com/authlib/joserfc/commit/63932f169d924caffafa761af2122b82059017f7
https://github.com/authlib/joserfc/commit/673c8743fd0605b0e1de6452be6cba75f44e466b
https://github.com/authlib/joserfc/releases/tag/1.3.5
https://github.com/authlib/joserfc/releases/tag/1.4.2
https://github.com/authlib/joserfc/security/advisories/GHSA-frfh-8v73-gjg4
Patch
https://github.com/authlib/joserfc/releases