Validation Bypass

firebase/php-jwt is vulnerable to validation bypass. The vulnerability exists in `decode` and `verify` functions in `JWT.php` because the token validations are not properly handled when multiple keys ...

Continue Reading
CVE-2021-46743

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attack ...

Continue Reading
Multiple security issues in Pomerium’s embedded envoy

Envoy, which Pomerium is based on, has issued multiple CVEs impacting stability and security. Though Pomerium may not be vulnerable to all of the issues, it is recommended that all users upgrade to Po ...

Continue Reading
Multiple security issues in Pomerium’s embedded envoy

Envoy, which Pomerium is based on, has issued multiple CVEs impacting stability and security. Though Pomerium may not be vulnerable to all of the issues, it is recommended that all users upgrade to Po ...

Continue Reading
CVE-2021-43824

Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions a crafted request crashes Envoy when a CONNECT request is sent to JWT filter configured wit ...

Continue Reading
Zabbix – A Case Study of Unsafe Session Storage

![A critical vulnerability in the IT monitoring software Zabbix](https://images.prismic.io/sonarsource/a1691e38-7c8f-4e2e-add4-ae3675bb7489_RD-111+zabbix+use+case%402x.png?auto=compress,format) ## Int ...

Continue Reading
RHEL 8 : Red Hat OpenShift Service Mesh 2.1.2 (RHSA-2022:1275)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1275 advisory. - envoy: Null pointer dereference when us ...

Continue Reading
(RHSA-2022:4690) Important: Red Hat OpenShift GitOps security update

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Security Fix(es): * argocd: ArgoCD will blindly trust JWT claims if anonymous access is ...

Continue Reading

Back to Main

Subscribe for the latest news: