Python implementation of the Javascript Object Signing and Encryption (JOSE) framework (https://datatracker.ietf.org/wg/jose/charter/)
BSD 3-Clause "New" or "Revised" License
95
stars
34
forks
source link
bugfix/algorithm substitution vulnerability #6
Closed
yuriikonovaliuk closed 9 years ago
Fix for vulnerability from issue https://github.com/Demonware/jose/issues/5 It is implemented in the way suggested in https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/