GO-2022-0402

A malicious account can create and sign a User JWT which causes a panic when decoded by the NATS JWT library.

CVE-2022-25898

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT

Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack ...

Updated python-pyjwt packages fix security vulnerability

An attacker submitting the JWT token can choose the signing algorithm used (CVE-2022-29217).

Jwtear – Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hackers

Insecure Signature Verification

jsrsasign is vulnerable to insecure signature verification. The vulnerability exists because the library does not properly validate the `JWS` or `JWT` signature with non-Base64URL encoding special cha ...

Cloudflare Public Bug Bounty: Sign in with Apple generates long-life JWTs, seemingly irrevocable, that grant immediate access to accounts

The OIDC JWT token issued on a new Sign in with Apple ID to the Cloudflare Dashboard had an excessive lifetime. When intercepted by a malicious actor, it enabled impersonation of the affected user on ...

Cloudflare Public Bug Bounty: HTTP request smuggling with Origin Rules using newlines in the host_header action parameter

The `host_header` action parameter available to rulesets in the [Origin Rules API](https://developers.cloudflare.com/rules/origin-rules/) lacked sufficient input validation, i.e., it allowed CRLF charact ...
