CVE-2024-53861: PyJWT Issuer field partial matches allowed
The wrong string if check is run for iss checking, resulting in "acb" being accepted for "_abc_".
References
- github.com/advisories/GHSA-75c5-xw7c-p5pm
- github.com/jpadilla/pyjwt
- github.com/jpadilla/pyjwt/commit/1570e708672aa9036bc772476beae8bfa48f4131
- github.com/jpadilla/pyjwt/commit/33022c25525c1020869c71ce2a4109e44ae4ced1
- github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm
- nvd.nist.gov/vuln/detail/CVE-2024-53861
Detect and mitigate CVE-2024-53861 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →