CVE-2024-37568
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-37568 affects Authlib (lepture/authlib) before version 1.3.1. The flaw is algorithm confusion with asymmetric public keys: when jwt.decode is called without an explicit set of allowed algorithms, the library takes the alg value from the untrusted token header, so a token that declares HS256 and carries an HMAC computed with the application's asymmetric public key as the secret passes verification. Public keys are not secret by design, so an attacker who obtains the key (for example from a JWKS endpoint) can forge tokens with arbitrary claims. The issue is the same class of bug as CVE-2022-29217 (PyJWT) and CVE-2024-33663 (python-jose). Applications that rely on Authlib for JSON Web Token handling may therefore grant unauthorized access to the holder of a forged token. Upgrade to Authlib 1.3.1 or later; regardless of version, restrict the accepted algorithms to the family that matches the verification key rather than letting the token choose.
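The following is an added, self-contained illustration of the confusion described above; it is not Authlib's code and does not call the Authlib API. It uses only the Python standard library: the PEM block is a constructed placeholder (no real key material), forge_hs256_token plays the attacker, decode_trusting_header shows the vulnerable pattern (algorithm chosen by the token header, key bytes reused as an HMAC secret), and decode_with_allowlist shows the hardened pattern (caller-pinned algorithms plus a refusal to treat a PEM-encoded asymmetric key as an HMAC secret). All function names are this example's own.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-in for the application's RSA public key in PEM form.
# It is NOT a real key: the confusion attack only needs its raw bytes,
# because the naive verifier feeds them to HMAC as the "secret".
PUBLIC_KEY_PEM = (
    b"-----BEGIN PUBLIC KEY-----\n"
    b"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAconstructedPlaceholderKey\n"
    b"-----END PUBLIC KEY-----\n"
)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _hs256(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()


def forge_hs256_token(claims: dict, key: bytes) -> str:
    """Attacker side: declare HS256 and MAC the token with the given bytes
    (in the attack, those bytes are the server's public key PEM)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    return signing_input + "." + _b64url(_hs256(key, signing_input))


def _split(token: str):
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    return header, header_b64, payload_b64, _b64url_decode(sig_b64)


def decode_trusting_header(token: str, key: bytes) -> dict:
    """Vulnerable pattern: alg comes from the untrusted header, and the same
    key bytes are used whatever the header says."""
    header, header_b64, payload_b64, sig = _split(token)
    alg = header.get("alg")
    if alg == "HS256":
        if not hmac.compare_digest(_hs256(key, f"{header_b64}.{payload_b64}"), sig):
            raise ValueError("bad signature")
        return json.loads(_b64url_decode(payload_b64))
    if alg == "RS256":
        raise NotImplementedError("RSA verification omitted; not needed to show the confusion")
    raise ValueError(f"unsupported alg {alg!r}")


def decode_with_allowlist(token: str, key: bytes, algorithms: list) -> dict:
    """Hardened pattern: the caller pins the algorithms, and a PEM-encoded
    asymmetric key is never accepted as an HMAC secret."""
    header, header_b64, payload_b64, sig = _split(token)
    alg = header.get("alg")
    if alg not in algorithms:
        raise ValueError(f"alg {alg!r} not in allow-list {algorithms}")
    if alg == "HS256":
        if key.lstrip().startswith(b"-----BEGIN"):
            raise ValueError("refusing to use an asymmetric PEM key as an HMAC secret")
        if not hmac.compare_digest(_hs256(key, f"{header_b64}.{payload_b64}"), sig):
            raise ValueError("bad signature")
        return json.loads(_b64url_decode(payload_b64))
    raise NotImplementedError("RSA verification omitted; not needed to show the confusion")


def is_rejected(decoder, token: str, key: bytes, *args) -> bool:
    """True when the decoder refuses the token with ValueError."""
    try:
        decoder(token, key, *args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    forged = forge_hs256_token({"sub": "admin"}, PUBLIC_KEY_PEM)
    print("vulnerable decoder accepts:", decode_trusting_header(forged, PUBLIC_KEY_PEM))
    print("pinned RS256 rejects:", is_rejected(decode_with_allowlist, forged, PUBLIC_KEY_PEM, ["RS256"]))
```

The lesson in the hardened decoder is twofold: the algorithm list must come from the verifier, never from the token, and an asymmetric key object should only ever be handed to an asymmetric algorithm. Authlib 1.3.1 closes the gap on the library side; the allow-list remains good practice in application code whatever library is in use.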
Affected Products
- Authlib (lepture/authlib), versions before 1.3.1