Skip to content

Fix for GHSA-gg9x-qcx2-xmrh#190

Open
keycard-gh-workflows-access[bot] wants to merge 1 commit into
mainfrom
socket/fix/GHSA-gg9x-qcx2-xmrh
Open

Fix for GHSA-gg9x-qcx2-xmrh#190
keycard-gh-workflows-access[bot] wants to merge 1 commit into
mainfrom
socket/fix/GHSA-gg9x-qcx2-xmrh

Conversation

@keycard-gh-workflows-access

Copy link
Copy Markdown
Contributor

Socket fix for GHSA-gg9x-qcx2-xmrh.

Vulnerability Summary: joserfc: HS256/HS384/HS512 verify accepts empty/nil HMAC key (cross-language sibling of CVE-2026-45363)

Severity: HIGH

Affected Packages: joserfc (PIP)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants