VNG-Realisatie / vng-api-common

Shared code for RESTful APIs

Security bug in JWT code #248

Open CharString opened 7 months ago

CharString commented 7 months ago

This patch should be applied.

https://github.com/maykinmedia/commonground-api-common/commit/20d9345a865338777839e8f02c21cd9d6f5a2cae

melsk-r commented 7 months ago

Are you sure this issue is posted in the right repo? Shouldn't it be posted in the repo https://github.com/maykinmedia/commonground-api-common ?

CharString commented 6 months ago

Yes, I'm sure:

https://github.com/VNG-Realisatie/vng-api-common/blob/609c931b3f8b640aa6dff6d02cfb799745f25eb5/vng_api_common/middleware.py#L141

HenriKorver commented 6 months ago

@CharString Thanks for notifying us of this (potential) bug. The value of the algorithms argument should indeed be a list. Luckily the bug did not yet manifest.