DescriptionIn PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: remote)
Debian Bugs873244

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
pyjwt (PTS)jessie (security), jessie0.2.1-1+deb8u2fixed
stretch (security), stretch1.4.2-1+deb9u1fixed
buster, sid1.5.3+ds1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs


Search for package or bug name: Reporting problems