vulnerability

Ubuntu: USN-3407-1 (CVE-2017-11424): PyJWT vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	2017-08-24	2017-08-31	2025-04-25

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

2017-08-24

Added

2017-08-31

Modified

2025-04-25

Description

It was discovered that a vulnerability in PyJWT doesn't check
invalid_strings properly for some public keys. A remote attacker
could take advantage of a key confusion to craft JWTs from scratch.

Solution(s)

ubuntu-upgrade-python-jwtubuntu-upgrade-python3-jwt

References

CVE-2017-11424
https://attackerkb.com/topics/CVE-2017-11424
DEBIAN-DSA-3979
NVD-CVE-2017-11424
UBUNTU-USN-3407-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today