Site icon API Security Blog

CVE-2022-0931

3scale's gateway usage of JWT does not properly handle verification of algorithm claims in the token header. An attacker could use this flaw to create a signed token with improper claims and thus to bypass security restrictions for the…Read More

Exit mobile version