Home > Vulnerability Database > WS-2015-0045

Mend.io Vulnerability Database

WS-2015-0045

Good to know:

Date: December 11, 2017

jsonwebtoken before v4.2.0, PyJWT before 1.0.0, and PHP jose before 2.2.0 allows bypass verification step. An attacker may specify which method to use in order to verify the signature.

Language: Python

Severity Score

6.5

Related Resources (2)

Url: https://github.com/FriendsOfPHP/security-advisories/commit/ff2c5719d50cf9c926695d062fc9200fe99a7768

Url: https://www.mend.io/vulnerability-database/WS-2015-0045

Severity Score

6.5

Weakness Type (CWE)

Authentication Bypass Using an Alternate Path or Channel

CWE-288

Top Fix

Upgrade Version

Upgrade to version v4.2.0,v1.0.0,v2.2.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2015-0045

Good to know:

Date: December 11, 2017

Language: Python

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?