How severe is CVE-2024-53861?

This vulnerability has a severity rating of LOW with a CVSS score of 2.2 out of 10.

What type of vulnerability is CVE-2024-53861?

This is classified as CWE-697, which is a common weakness in software security.

CVE-2024-53861

LOW Year: 2024

CVSS v3 Score

2.2

Low

Weakness Type

CWE-697

View all →

Vulnerability Description

pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for `iss` checking, resulting in `"acb"` being accepted for `"_abc_"`. This is a bug introduced in version 2.10.0: checking the "iss" claim changed from `isinstance(issuer, list)` to `isinstance(issuer, Sequence)`. Since str is a Sequnce, but not a list, `in` is also used for string comparison. This results in `if "abc" not in "__abcd__":` being checked instead of `if "abc" != "__abc__":`. Signature checks are still present so real world impact is likely limited to denial of service scenarios. This issue has been patched in version 2.10.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2019-20634

LOW

CVSS:3.7(Low)

An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model ...

CWE-6972019

CVE-2014-125057

CRITICAL

CVSS:9.8(Critical)

A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipula...

CWE-6972014

CVE-2020-23359

CRITICAL

CVSS:9.8(Critical)

WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can ...

CWE-6972020

CVE-2020-23360

CRITICAL

CVSS:9.8(Critical)

oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/passwo...

CWE-6972020

CVE-2021-35973

CRITICAL

CVSS:9.8(Critical)

NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /usr/sbin/mini_httpd, allowing an unauthenticated attacker to invoke any action by adding the &currents...

CWE-6972021

CVE-2021-3833

CRITICAL

CVSS:9.8(Critical)

Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted pass...

CWE-6972021

CVE-2024-53861

Vulnerability Description

Related Vulnerabilities

CVE-2019-20634

CVE-2014-125057

CVE-2020-23359

CVE-2020-23360

CVE-2021-35973

CVE-2021-3833