Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack ...
Continue ReadingJuly 04, 2022
A go implementation of JSON Web Tokens. Supports the parsing and verification, as well as the generation and signing of JWTs.Read More ...
Continue ReadingJuly 04, 2022
Golang implementation of json web tokens (jwt).Read More ...
Continue ReadingJuly 04, 2022
A malicious account can create and sign a User JWT which causes a panic when decoded by the NATS JWT library.Read More ...
Continue ReadingJuly 01, 2022
Import tokens valid for one account may be used for any other account. Validation of Import token bindings incorrectly warns on mismatches, rather than rejecting the Goken. This permits a token for on ...
Continue ReadingJuly 01, 2022
The ScalarMult implementation of curve P-256 for amd64 architectures generates incorrect results for certain specific input points. An adaptive attack can progressively extract the scalar input to Sca ...
Continue ReadingJuly 01, 2022
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
Continue ReadingJuly 01, 2022
Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack ...
Continue ReadingJuly 01, 2022
Back to Main