A malicious account can create and sign a User JWT which causes a panic when decoded by the NATS JWT library.Read More ...
Continue ReadingJuly 01, 2022
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...
Continue ReadingJuly 01, 2022
Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack ...
Continue ReadingJuly 01, 2022
An attacker submitting the JWT token can choose the used signing algorithm (CVE-2022-29217)Read More ...
Continue ReadingJune 30, 2022
[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGtbU4Y_Bwpkax3z9WFvKe0rCOG4yc5X6AudLW0x0KLeSp0lCnkADfZDCLr5TDkt6HzMiQ7V4KKMiaPjj7fXJQY1mR3eTtNpZp3Iz-JBOPbexKCuutBvWHBUxmyIlCK7FGTcUJdu ...
Continue ReadingJune 29, 2022
jsrsasign is vulnerable to insecure signature verification. The vulnerability exists because the library does not properly validate the `JWS` or `JWT` signature with non-Base64URL encoding special cha ...
Continue ReadingJune 27, 2022
The OIDC JWT token issued on a new Sign in with Apple ID to the Cloudflare Dashboard had an excessive lifetime. When intercepted by a malicious actor, it enabled impersonation of the affected user on ...
Continue ReadingJune 27, 2022
The `host_header` action parameter available to rulesets in the [Origin Rules API](https://developers.cloudflare.com/rules/origin-rules/) lacked sufficient input validation i.e., allowing CRLF charact ...
Continue ReadingJune 27, 2022
Back to Main