CVE-2025-45768

描述

pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement).

受影響套件(2)

• Debian/pyjwtfrom 0
• PyPI/pyjwtfrom 0, <= 2.10.1

CVSS 分數

參考連結(4)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-45768
• PATCHhttps://github.com/jpadilla/pyjwt
• REPORThttps://gist.github.com/ZupeiNie/6f65e564f2067b876321d3dfdbb76569
• WEBhttps://github.com/jpadilla