Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack ...

Continue Reading

01 июля, 2022

An attacker submitting the JWT token can choose the used signing algorithm (CVE-2022-29217)Read More ...

Continue Reading

30 июня, 2022

[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGtbU4Y_Bwpkax3z9WFvKe0rCOG4yc5X6AudLW0x0KLeSp0lCnkADfZDCLr5TDkt6HzMiQ7V4KKMiaPjj7fXJQY1mR3eTtNpZp3Iz-JBOPbexKCuutBvWHBUxmyIlCK7FGTcUJdu ...

Continue Reading

29 июня, 2022

jsrsasign is vulnerable to insecure signature verification. The vulnerability exists because the library does not properly validate the `JWS` or `JWT` signature with non-Base64URL encoding special cha ...

Continue Reading

27 июня, 2022

The OIDC JWT token issued on a new Sign in with Apple ID to the Cloudflare Dashboard had an excessive lifetime. When intercepted by a malicious actor, it enabled impersonation of the affected user on ...

Continue Reading

27 июня, 2022

The `host_header` action parameter available to rulesets in the [Origin Rules API](https://developers.cloudflare.com/rules/origin-rules/) lacked sufficient input validation i.e., allowing CRLF charact ...

Continue Reading

27 июня, 2022

### Impact Jsrsasign supports JWS(JSON Web Signatures) and JWT(JSON Web Token) validation. However JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may ...

Continue Reading

25 июня, 2022

### Impact Jsrsasign supports JWS(JSON Web Signatures) and JWT(JSON Web Token) validation. However JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may ...

Continue Reading

25 июня, 2022