Description
pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement).
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 14 | | =2.10.1-2 || =2.10.1-3 || =2.10.1-4 || =2.11.0-2 || =2.12.1-1 | - |
debian 12 | | =2.10.1-1 || =2.10.1-2 || =2.10.1-3 || =2.10.1-4 || =2.11.0-2 || =2.12.1-1 || =2.6.0-1 || =2.7.0-1 | - |
debian 11 | | =1.7.1-2 || =2.1.0-1 || =2.1.0-1~bpo11+1 || =2.10.1-1 || =2.10.1-2 || =2.10.1-3 || =2.10.1-4 || =2.11.0-2 || =2.12.1-1 || =2.3.0-1 || =2.4.0-1 || =2.4.0-2 || =2.6.0-1 || =2.7.0-1 | - |
debian 13 | | =2.10.1-2 || =2.10.1-3 || =2.10.1-4 || =2.11.0-2 || =2.12.1-1 | - |
 pypi | | =0.1.1 || =0.1.2 || =0.1.3 || =0.1.4 || =0.1.5 || =0.1.6 || =0.1.7 || =0.1.8 || =0.1.9 || =0.2.0 || =0.2.1 || =0.2.3 || =0.3.0 || =0.3.1 || =0.3.2 || =0.4.0 || =0.4.1 || =0.4.2 || =0.4.3 || =1.0.0 || =1.0.1 || =1.1.0 || =1.3.0 || =1.4.0 || =1.4.1 || =1.4.2 || =1.5.0 || =1.5.1 || =1.5.2 || =1.5.3 || =1.6.0 || =1.6.1 || =1.6.3 || =1.6.4 || =1.7.0 || =1.7.1 || =2.0.0 || =2.0.0a1 || =2.0.0a2 || =2.0.1 || =2.1.0 || =2.10.0 || =2.10.1 || =2.2.0 || =2.3.0 || =2.4.0 || =2.5.0 || =2.6.0 || =2.7.0 || =2.8.0 || =2.9.0 || >=0 <=2.10.1 | 2.11.0 |
