Homepage
About Snyk

Insecure Defaults Affecting authlib package, versions [,1.1.0)

Severity

 Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-AUTHLIB-3152687
  • published 2 Dec 2022
  • disclosed 2 Dec 2022
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 2 Dec 2022

CVE-2022-39174 Open this link in a new tab
CWE-453 Open this link in a new tab

How to fix?

Upgrade authlib to version 1.1.0 or higher.

Overview

authlib is a library in building OAuth and OpenID Connect servers.

Affected versions of this package are vulnerable to Insecure Defaults in its JOSE implementation, which can be invoked without JWS algorithms.

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
6.5 medium
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    Low
  • Integrity (I)
    Low
  • Availability (A)
    None