Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/10649?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10649?format=api", "vulnerability_id": "VCID-f2z3-59j1-sbcz", "summary": "JWT Verification bypass\nIt is possible for an attacker to bypass verification when \"a token digitally signed with an asymetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family)\". It is also possible for an attacker to create his own signed token with any payload he wants and have it considered valid using the \"none\" algorithm.", "aliases": [ { "alias": "GMS-2015-6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/9017?format=api", "purl": "pkg:pypi/pyjwt@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@1.0.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/8998?format=api", "purl": "pkg:pypi/pyjwt@0.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2z3-59j1-sbcz" }, { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/8999?format=api", "purl": "pkg:pypi/pyjwt@0.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2z3-59j1-sbcz" }, { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/9000?format=api", "purl": "pkg:pypi/pyjwt@0.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2z3-59j1-sbcz" }, { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/9001?format=api", "purl": "pkg:pypi/pyjwt@0.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2z3-59j1-sbcz" }, { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/9002?format=api", "purl": "pkg:pypi/pyjwt@0.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2z3-59j1-sbcz" }, { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/9003?format=api", "purl": "pkg:pypi/pyjwt@0.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2z3-59j1-sbcz" }, { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/9004?format=api", "purl": "pkg:pypi/pyjwt@0.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2z3-59j1-sbcz" }, { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/9005?format=api", "purl": "pkg:pypi/pyjwt@0.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2z3-59j1-sbcz" }, { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/9006?format=api", "purl": "pkg:pypi/pyjwt@0.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2z3-59j1-sbcz" }, { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/9007?format=api", "purl": "pkg:pypi/pyjwt@0.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2z3-59j1-sbcz" }, { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/9008?format=api", "purl": "pkg:pypi/pyjwt@0.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2z3-59j1-sbcz" }, { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9009?format=api", "purl": "pkg:pypi/pyjwt@0.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2z3-59j1-sbcz" }, { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/9010?format=api", "purl": "pkg:pypi/pyjwt@0.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2z3-59j1-sbcz" }, { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/9011?format=api", "purl": "pkg:pypi/pyjwt@0.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2z3-59j1-sbcz" }, { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9012?format=api", "purl": "pkg:pypi/pyjwt@0.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2z3-59j1-sbcz" }, { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/9013?format=api", "purl": "pkg:pypi/pyjwt@0.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2z3-59j1-sbcz" }, { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/9014?format=api", "purl": "pkg:pypi/pyjwt@0.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2z3-59j1-sbcz" }, { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/9015?format=api", "purl": "pkg:pypi/pyjwt@0.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2z3-59j1-sbcz" }, { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/9016?format=api", "purl": "pkg:pypi/pyjwt@0.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-f2z3-59j1-sbcz" }, { "vulnerability": "VCID-hsbn-cwfz-efh6" }, { "vulnerability": "VCID-wpjr-kr1k-rba8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.4.3" } ], "references": [ { "reference_url": "https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/" }, { "reference_url": "https://github.com/jpadilla/pyjwt/commit/88a9fc56bdc6c870aa6af93bda401414a217db2a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jpadilla/pyjwt/commit/88a9fc56bdc6c870aa6af93bda401414a217db2a" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f2z3-59j1-sbcz" }