python-jwt@3.2.4 vulnerabilities

Module for generating and verifying JSON Web Tokens

latest version

4.1.0
latest non vulnerable version

4.1.0
first published

11 years ago
latest version published

a year ago
licenses detected
- MIT
  [0,)
View python-jwt package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the python-jwt package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Improper Authentication python-jwt is a Module for generating and verifying JSON Web Tokens Affected versions of this package are vulnerable to Improper Authentication by arbitrarily forging the JWT content without the need to know the secret key. Exploiting this vulnerability might result in spoofing other users' identities, hijacking users' sessions, or bypassing authentication. How to fix Improper Authentication? Upgrade `python-jwt` to version 3.3.4 or higher.	[3.0.0,3.3.4)
M Authentication Bypass python-jwt is a Module for generating and verifying JSON Web Tokens Affected versions of this package are vulnerable to Authentication Bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's identities, hijack their sessions, or bypass authentication. How to fix Authentication Bypass? Upgrade `python-jwt` to version 3.3.4 or higher.	[,3.3.4)

Improper Authentication

python-jwt is a Module for generating and verifying JSON Web Tokens

Affected versions of this package are vulnerable to Improper Authentication by arbitrarily forging the JWT content without the need to know the secret key. Exploiting this vulnerability might result in spoofing other users' identities, hijacking users' sessions, or bypassing authentication.

How to fix Improper Authentication?

Upgrade python-jwt to version 3.3.4 or higher.

[3.0.0,3.3.4)

Authentication Bypass

python-jwt is a Module for generating and verifying JSON Web Tokens

Affected versions of this package are vulnerable to Authentication Bypass. An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may for example enable the attacker to spoof other user's identities, hijack their sessions, or bypass authentication.

How to fix Authentication Bypass?

Upgrade python-jwt to version 3.3.4 or higher.

[,3.3.4)

Go back to all versions of this package

python-jwt@3.2.4 vulnerabilities

Module for generating and verifying JSON Web Tokens

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities