USN-3407-1

Source

https://ubuntu.com/security/notices/USN-3407-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-3407-1.json

Related

CVE-2017-11424

Published

2017-08-30T18:52:29.565935Z

Modified

2017-08-30T18:52:29.565935Z

Summary

pyjwt vulnerability

Details

It was discovered that a vulnerability in PyJWT doesn't check invalid_strings properly for some public keys. A remote attacker could take advantage of a key confusion to craft JWTs from scratch.

References

https://ubuntu.com/security/notices/USN-3407-1
https://ubuntu.com/security/CVE-2017-11424

Affected packages

Ubuntu:16.04:LTS / pyjwt

Package

Name: pyjwt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.3.0-1ubuntu0.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "python-jwt": "1.3.0-1ubuntu0.1",
            "python3-jwt": "1.3.0-1ubuntu0.1"
        }
    ]
}