
GCVE-VVD-MAGEIA-2024-238

Vulnetix · Advisory published December 21, 2024
Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.)
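The two checks this description implies, as an added example that is neither Authlib's code nor part of the advisory: the verifier pins the accepted algorithms instead of trusting the token header, and refuses key material that looks like an asymmetric public key as an HMAC secret. All function names, the prefix list and the sample keys are assumptions constructed for illustration, and only HS256 is implemented.

```python
import base64, hashlib, hmac, json

# Prefixes that mark asymmetric key material (list chosen for this example).
ASYMMETRIC_PREFIXES = (b"-----BEGIN ", b"ssh-rsa ", b"ssh-ed25519 ", b"ecdsa-sha2-")

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims, secret):
    """Build an HS256 token; used here only to construct sample input."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(mac)}"

def verify(token, key, allowed_algs):
    """Return the claims or raise ValueError; the caller pins allowed_algs."""
    head, body, sig = token.split(".")
    alg = json.loads(_b64d(head)).get("alg")
    if alg not in allowed_algs:  # never let the token choose the algorithm
        raise ValueError(f"algorithm {alg!r} not allowed")
    if alg != "HS256":
        raise ValueError("this sketch implements HS256 only")
    if key.lstrip().startswith(ASYMMETRIC_PREFIXES):
        raise ValueError("asymmetric key material refused as HMAC secret")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64d(sig)):
        raise ValueError("bad signature")
    return json.loads(_b64d(body))

def outcome(token, key, allowed_algs):
    """Return the claims on success, or the rejection reason as a string."""
    try:
        return verify(token, key, allowed_algs)
    except ValueError as exc:
        return str(exc)

# Constructed sample input: a placeholder PEM, not a real key.
PEM = b"-----BEGIN PUBLIC KEY-----\nCONSTRUCTED\n-----END PUBLIC KEY-----\n"
SECRET = b"constructed-32-byte-hmac-secret!"
confused = sign_hs256({"sub": "admin"}, PEM)  # the case the advisory describes

if __name__ == "__main__":
    print(outcome(sign_hs256({"sub": "alice"}, SECRET), SECRET, ["HS256"]))
    print(outcome(confused, PEM, ["RS256"]))   # rejected by the algorithm pin
    print(outcome(confused, PEM, ["HS256"]))   # rejected by the key-shape check
```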

Affected Products

| Vendor | Product | Versions | Platforms |
|--------|---------|----------|-----------|
| Mageia | guayadeque | 0 (affected), 0.6.2-1.mga9 (unaffected) | |
| Mageia | python-authlib | 0 (affected), 1.3.1-1.mga9 (unaffected) | |
