flask-jwt

Vulnerabilities found in PyJWT back in 2015

Open GeekOnGadgets opened this issue 8 years ago • 5 comments

Hi,

Thanks for the awesome library. Just wanted to confirm something related to the PyJWT library you are using in your project. Back in 2015 (https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/) a vulnerability issue was found with PyJWT; not sure if that has been fixed now or if I still have to do a workaround? Can't find much information out there.

Sorry for creating this as an issue. Hope you can provide some info.

Thanks

GeekOnGadgets, Apr 27 '17 03:04

@GeekOnGadgets do you know whether this project is still going?

Thanks

yunderboy, May 24 '17 01:05

@yunderboy I don't think so. Use https://github.com/vimalloc/flask-jwt-extended

GeekOnGadgets, May 24 '17 01:05

Not sure about this extension, but for what it's worth Flask JWT Extended is protected against this vulnerability.

vimalloc, May 24 '17 03:05

@vimalloc, cool! Any idea on how long you might be maintaining the extension, and would you happen to need some help?

yunderboy, May 24 '17 19:05

We use the extension at my job, so it will be maintained for quite a while yet. And I would never turn down any help :+1:

vimalloc, May 24 '17 19:05