Skip to content

[GHSA-993g-76c3-p5m4] PyJWKClient: missing scheme allowlist enables CVE-2024-21643-class SSRF + token forgery via file://, ftp://, data: schemes#8521

Open
shaked-seal wants to merge 1 commit into
shaked-seal/advisory-improvement-8521from
shaked-seal-GHSA-993g-76c3-p5m4
Open

[GHSA-993g-76c3-p5m4] PyJWKClient: missing scheme allowlist enables CVE-2024-21643-class SSRF + token forgery via file://, ftp://, data: schemes#8521
shaked-seal wants to merge 1 commit into
shaked-seal/advisory-improvement-8521from
shaked-seal-GHSA-993g-76c3-p5m4

Commits

Commits on Jul 7, 2026