{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T21:31:14.824","vulnerabilities":[{"cve":{"id":"CVE-2024-53861","sourceIdentifier":"security-advisories@github.com","published":"2024-11-29T19:15:09.433","lastModified":"2025-09-22T18:09:49.877","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for `iss` checking, resulting in `\"acb\"` being accepted for `\"_abc_\"`. This is a bug introduced in version 2.10.0: checking the \"iss\" claim changed from `isinstance(issuer, list)` to `isinstance(issuer, Sequence)`. Since str is a Sequnce, but not a list, `in` is also used for string comparison. This results in `if \"abc\" not in \"__abcd__\":` being checked instead of `if \"abc\" != \"__abc__\":`. Signature checks are still present so real world impact is likely limited to denial of service scenarios. This issue has been patched in version 2.10.1. All users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"pyjwt es una implementación de JSON Web Token en Python. Se ejecuta una comparación de cadena incorrecta para la comprobación de `iss`, lo que da como resultado que `\"acb\"` se acepte en lugar de `\"_abc_\"`. Este es un error introducido en la versión 2.10.0: la comprobación de la reclamación \"iss\" cambió de `isinstance(issuer, list)` a `isinstance(issuer, Sequence)`. Dado que str es una secuencia, pero no una lista, `in` también se utiliza para la comparación de cadenas. Esto da como resultado que se compruebe `if \"abc\" not in \"__abcd__\":` en lugar de `if \"abc\" != \"__abc__\":`. Las comprobaciones de firma aún están presentes, por lo que es probable que el impacto en el mundo real se limite a escenarios de denegación de servicio. Este problema se ha corregido en la versión 2.10.1. Se recomienda a todos los usuarios que actualicen. No existen workarounds conocidos para esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N","baseScore":2.2,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-697"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pyjwt_project:pyjwt:2.10.0:*:*:*:*:*:*:*","matchCriteriaId":"969521B6-ABE6-4B43-A063-56C58904F8ED"}]}]}],"references":[{"url":"https://github.com/jpadilla/pyjwt/commit/1570e708672aa9036bc772476beae8bfa48f4131#diff-6893ad4a1c5a36b8af3028db8c8bc3b62418149843fc382faf901eaab008e380R366","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/jpadilla/pyjwt/commit/33022c25525c1020869c71ce2a4109e44ae4ced1","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}