CVE-2024-37568

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jun 9, 2024
Updated: Aug 15, 2024
CWE ID 284
CWE ID 347

Summary

CVE-2024-37568 is a vulnerability affecting Authlib before version 1.3.1. It is an algorithm-confusion issue with asymmetric public keys in lepture's Authlib: when no algorithm is specified while decoding a JWT with jwt.decode, the library unintentionally allows HMAC verification with any asymmetric public key. The issue is similar to CVE-2022-29217 and CVE-2024-33663. Attackers could exploit it to gain unauthorized access to systems that rely on Authlib for JSON Web Token handling. Update to the latest version of Authlib to mitigate this risk.
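The two checks that close this class of bug are (1) requiring the caller to pass an explicit algorithm allowlist instead of trusting the token's own `alg` header, and (2) refusing to run an HMAC with key material that is an asymmetric public key. The following is an added, self-contained illustration of both checks in a minimal HS256 verifier written with the Python standard library; it is not Authlib's code, and the names `decode`, `encode_hs256`, `looks_like_asymmetric_key` and `rejects`, as well as the sample secret and PEM placeholder, are constructed for this example.

```python
"""Added example (not Authlib's code): a minimal JWT verifier that pins the
algorithm allowlist at decode time and refuses HMAC verification with
asymmetric public-key material. Only HS256/384/512 verification is implemented;
the point is the key/algorithm validation, not full JOSE support."""
import base64
import hashlib
import hmac
import json

# Constructed sample material for this example: not a real key, not from the page.
SHARED_SECRET = b"constructed-demo-secret-do-not-reuse"
SAMPLE_PUBLIC_KEY_PEM = (
    b"-----BEGIN PUBLIC KEY-----\n"
    b"CONSTRUCTEDPLACEHOLDERNOTAREALKEY\n"
    b"-----END PUBLIC KEY-----\n"
)

HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}
ASYMMETRIC_ALGS = {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512",
                   "ES256", "ES384", "ES512"}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def looks_like_asymmetric_key(key: bytes) -> bool:
    """True for PEM blocks or JWKs with an asymmetric key type; such material
    must never be fed to an HMAC as if it were a shared secret."""
    if key.lstrip().startswith(b"-----BEGIN"):
        return True
    try:
        jwk = json.loads(key)
    except ValueError:
        return False
    return isinstance(jwk, dict) and jwk.get("kty") in {"RSA", "EC", "OKP"}


def encode_hs256(claims: dict, secret: bytes) -> str:
    """Issue an HS256 token; used here only to build sample input."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [_b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def decode(token: str, key: bytes, algorithms: list) -> dict:
    """Verify the token and return its claims. The caller must pass an explicit
    allowlist; the token's 'alg' header never chooses the verification method."""
    if not algorithms:
        raise ValueError("an explicit, non-empty algorithm allowlist is required")
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    alg = json.loads(_b64url_decode(header_b64)).get("alg")
    if alg not in algorithms:
        raise ValueError(f"algorithm {alg!r} not in allowlist {algorithms}")
    if alg in HMAC_ALGS:
        # The CVE-2024-37568 pattern: an HS* header paired with public-key bytes.
        if looks_like_asymmetric_key(key):
            raise ValueError("refusing HMAC verification with asymmetric key material")
        signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
        expected = hmac.new(key, signing_input, HMAC_ALGS[alg]).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            raise ValueError("signature verification failed")
        return json.loads(_b64url_decode(payload_b64))
    if alg in ASYMMETRIC_ALGS:
        raise NotImplementedError(f"{alg} is outside this example; use a JOSE library")
    raise ValueError(f"unsupported algorithm {alg!r}")


def rejects(token: str, key: bytes, algorithms: list) -> bool:
    """True if decode() refuses the token with a ValueError."""
    try:
        decode(token, key, algorithms)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    token = encode_hs256({"sub": "alice"}, SHARED_SECRET)
    print(decode(token, SHARED_SECRET, ["HS256"]))
    # Same token, but the verifier is handed a public key: refused before any HMAC runs.
    print(rejects(token, SAMPLE_PUBLIC_KEY_PEM, ["HS256", "RS256"]))
```

The equivalent hardening when using Authlib itself is to construct the decoder with an explicit algorithm list (for example `JsonWebToken(['RS256'])` from `authlib.jose`) rather than relying on the default that accepts every registered algorithm, and to upgrade to 1.3.1 or later, which adds the key-type check on the library side.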
