Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT

Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack ...

Continue Reading
[SECURITY] Fedora 36 Update: golang-github-jwt-3.2.2-3.fc36

A go implementation of JSON Web Tokens. Supports the parsing and verification, as well as the generation and signing of JWTs.Read More ...

Continue Reading
[SECURITY] Fedora 36 Update: golang-github-dgrijalva-jwt-3.2.0-11.fc36

Golang implementation of json web tokens (jwt).Read More ...

Continue Reading
GO-2022-0402

A malicious account can create and sign a User JWT which causes a panic when decoded by the NATS JWT library.Read More ...

Continue Reading
GO-2022-0386

Import tokens valid for one account may be used for any other account. Validation of Import token bindings incorrectly warns on mismatches, rather than rejecting the Goken. This permits a token for on ...

Continue Reading
GO-2022-0187

The ScalarMult implementation of curve P-256 for amd64 architectures generates incorrect results for certain specific input points. An adaptive attack can progressively extract the scalar input to Sca ...

Continue Reading
CVE-2022-25898

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

Continue Reading
Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT

Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack ...

Continue Reading

Back to Main

Subscribe for the latest news: