Apache APISIX < 2.13.1 Information Disclosure

The version of Apache APISIX installed on the remote host is prior to 2.13.1. It is, therefore, potentially affected by an information disclosure vulnerability because the jwt-auth plugin has a securi ...

Continue Reading
Improper Access Control

github.com/awake1t/linglong is vulnerable to access control bypass. The vulnerability exists in the `jwt.go` due to the hard coded jwt token which allows an attacker to craft a malicious cookie and ga ...

Continue Reading
Ubuntu 18.04 LTS / 20.04 LTS : InfluxDB vulnerability (USN-5451-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5451-1 advisory. - InfluxDB before 1.7.6 has an authentication bypas ...

Continue Reading
[SECURITY] Fedora 36 Update: python-jwt-2.4.0-1.fc36

A Python implementation of JSON Web Token draft 01. This library provides a means of representing signed content using JSON data structures, including claims to be transferred between two parties enco ...

Continue Reading
GO-2022-0217

A DoS vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves may let an attacker craft inputs that consume excessive amounts of CPU. These inputs might be delivere ...

Continue Reading
CVE-2022-29217

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT ...

Continue Reading
Import token permissions checking not enforced

(This advisory is canonically ) ## Problem Description The NATS server provides for Subjects which are namespaced by Account; all Subjects are supposed to be private to an account, with an Export/Impo ...

Continue Reading
Nil dereference in NATS JWT, DoS of nats-server

## Problem Description The NATS account system has an Operator trusted by the servers, which signs Accounts, and each Account can then create and sign Users within their account. The Operator should ...

Continue Reading

Back to Main

Subscribe for the latest news: