VYPR
Critical severityNVD Advisory· Published Sep 23, 2022· Updated Aug 3, 2024

Python-jwt subject to Authentication Bypass by Spoofing

CVE-2022-39227

Description

python-jwt is a module for generating and verifying JSON Web Tokens. Versions prior to 3.3.4 are subject to Authentication Bypass by Spoofing, resulting in identity spoofing, session hijacking or authentication bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's identities, hijack their sessions, or bypass authentication. Users should upgrade to version 3.3.4. There are no known workarounds.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
python-jwtPyPI
< 3.3.43.3.4

Affected products

2

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.