CVE-2024-52295

DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge JWT and take over services. The JWT secret is hardcoded in the code, and the UID and OI ...

CVE-2024-50634

A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. This vulnerability is not limited to privilege escalation ...

ROS-20241112-03

Vulnerability of the JWE, JWS, JWT go-jose standards set implementation package for Go programming language is related to incorrect processing of highly compressed input data. Exploitation of the vuln ...

openSUSE: Security Advisory for python (openSUSE-SU-2024:0351-1)

The remote host is missing an update for...

Context is King: Using API Sessions for Security Context

There’s no doubt that API security is a hot topic these days. The continued growth in API-related breaches and increase in publicized API vulnerabilities has pushed API security to the top of CISO ...

CVE-2024-10285 CE21 Suite <= 2.2.0 – JWT Token Disclosure

The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attacke ...

(RHSA-2024:9281) Moderate: python-jwcrypto security update

The python-jwcrypto package provides Python implementations of the JSON Web Key (JWK), JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Token (JWT) JOSE (JSON Object Signing and Encry ...

Bad documentation of error handling in ParseWithClaims may lead to dangerous situations in github.com/golang-jwt/jwt

Bad documentation of error handling in ParseWithClaims may lead to dangerous situations in...
