Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/oic@0.7.0
Typepypi
Namespace
Nameoic
Version0.7.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.2.1
Latest_non_vulnerable_version1.2.1
Affected_by_vulnerabilities
0
url VCID-8kgq-3msk-8qdr
vulnerability_id VCID-8kgq-3msk-8qdr
summary Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2) JWA `none` algorithm was allowed in all flows. 3) oic.consumer.Consumer.parse_authz returns an unverified IdToken. The verification of the token was left to the discretion of the implementator. 4) iat claim was not checked for sanity (i.e. it could be in the future). These issues are patched in version 1.2.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26244
reference_id
reference_type
scores
0
value 0.00207
scoring_system epss
scoring_elements 0.43196
published_at 2026-06-11T12:55:00Z
1
value 0.00207
scoring_system epss
scoring_elements 0.43353
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26244
1
reference_url https://github.com/OpenIDC/pyoidc
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/OpenIDC/pyoidc
2
reference_url https://github.com/OpenIDC/pyoidc/commit/62f8d753fa17c8b1f29f8be639cf0b33afb02498
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/OpenIDC/pyoidc/commit/62f8d753fa17c8b1f29f8be639cf0b33afb02498
3
reference_url https://github.com/OpenIDC/pyoidc/releases/tag/1.2.1
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/OpenIDC/pyoidc/releases/tag/1.2.1
4
reference_url https://github.com/OpenIDC/pyoidc/security/advisories/GHSA-4fjv-pmhg-3rfg
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/OpenIDC/pyoidc/security/advisories/GHSA-4fjv-pmhg-3rfg
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/oic/PYSEC-2020-69.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/oic/PYSEC-2020-69.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26244
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26244
7
reference_url https://pypi.org/project/oic
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 7.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pypi.org/project/oic
8
reference_url https://pypi.org/project/oic/
reference_id
reference_type
scores
url https://pypi.org/project/oic/
9
reference_url https://github.com/advisories/GHSA-4fjv-pmhg-3rfg
reference_id GHSA-4fjv-pmhg-3rfg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4fjv-pmhg-3rfg
fixed_packages
0
url pkg:pypi/oic@1.2.1
purl pkg:pypi/oic@1.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/oic@1.2.1
aliases CVE-2020-26244, GHSA-4fjv-pmhg-3rfg, PYSEC-2020-69
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8kgq-3msk-8qdr
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/oic@0.7.0