Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/37834?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37834?format=api", "vulnerability_id": "VCID-tarz-9jbb-13ea", "summary": "JWT Verification bypass\nIt is possible for an attacker to bypass verification when \"a token digitally signed with an asymetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family)\". It is also possible for an attacker to create his own signed token with any payload he wants and have it considered valid using the \"none\" algorithm.", "aliases": [ { "alias": "GMS-2015-6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10242?format=api", "purl": "pkg:pypi/pyjwt@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@1.0.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/10223?format=api", "purl": "pkg:pypi/pyjwt@0.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" }, { "vulnerability": "VCID-tarz-9jbb-13ea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10224?format=api", "purl": "pkg:pypi/pyjwt@0.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" }, { "vulnerability": "VCID-tarz-9jbb-13ea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/10225?format=api", "purl": "pkg:pypi/pyjwt@0.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" }, { "vulnerability": "VCID-tarz-9jbb-13ea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/10226?format=api", "purl": "pkg:pypi/pyjwt@0.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" }, { "vulnerability": "VCID-tarz-9jbb-13ea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/10227?format=api", "purl": "pkg:pypi/pyjwt@0.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" }, { "vulnerability": "VCID-tarz-9jbb-13ea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/10228?format=api", "purl": "pkg:pypi/pyjwt@0.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" }, { "vulnerability": "VCID-tarz-9jbb-13ea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/10229?format=api", "purl": "pkg:pypi/pyjwt@0.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" }, { "vulnerability": "VCID-tarz-9jbb-13ea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/10230?format=api", "purl": "pkg:pypi/pyjwt@0.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" }, { "vulnerability": "VCID-tarz-9jbb-13ea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/10231?format=api", "purl": "pkg:pypi/pyjwt@0.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" }, { "vulnerability": "VCID-tarz-9jbb-13ea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/10232?format=api", "purl": "pkg:pypi/pyjwt@0.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" }, { "vulnerability": "VCID-tarz-9jbb-13ea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/10233?format=api", "purl": "pkg:pypi/pyjwt@0.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" }, { "vulnerability": "VCID-tarz-9jbb-13ea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10234?format=api", "purl": "pkg:pypi/pyjwt@0.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" }, { "vulnerability": "VCID-tarz-9jbb-13ea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/10235?format=api", "purl": "pkg:pypi/pyjwt@0.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" }, { "vulnerability": "VCID-tarz-9jbb-13ea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/10236?format=api", "purl": "pkg:pypi/pyjwt@0.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" }, { "vulnerability": "VCID-tarz-9jbb-13ea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10237?format=api", "purl": "pkg:pypi/pyjwt@0.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" }, { "vulnerability": "VCID-tarz-9jbb-13ea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/10238?format=api", "purl": "pkg:pypi/pyjwt@0.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" }, { "vulnerability": "VCID-tarz-9jbb-13ea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/10239?format=api", "purl": "pkg:pypi/pyjwt@0.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" }, { "vulnerability": "VCID-tarz-9jbb-13ea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/10240?format=api", "purl": "pkg:pypi/pyjwt@0.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" }, { "vulnerability": "VCID-tarz-9jbb-13ea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/10241?format=api", "purl": "pkg:pypi/pyjwt@0.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2n5t-qfqc-mfbv" }, { "vulnerability": "VCID-35nm-u4sh-nugf" }, { "vulnerability": "VCID-cdtk-hczs-jud3" }, { "vulnerability": "VCID-d2zq-ad9y-ubbs" }, { "vulnerability": "VCID-gptc-c34t-g3e4" }, { "vulnerability": "VCID-tarz-9jbb-13ea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/pyjwt@0.4.3" } ], "references": [ { "reference_url": "https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/" }, { "reference_url": "https://github.com/jpadilla/pyjwt/commit/88a9fc56bdc6c870aa6af93bda401414a217db2a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/jpadilla/pyjwt/commit/88a9fc56bdc6c870aa6af93bda401414a217db2a" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tarz-9jbb-13ea" }