JSON Web Token - API Security Blog

CVE-2024-39315 Pomerium exposed OAuth2 access and ID tokens in user info endpoint response

Pomerium is an identity and context-aware access proxy. Prior to version 0.26.1, the Pomerium user info page (at /.pomerium) unintentionally included serialized OAuth2 access and ID tokens from the lo ...

23 июля, 2024

CVE-2024-21583

Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gh ...

23 июля, 2024

CVE-2024-40430

In SFTPGO 2.6.2, the JWT implementation lacks cerrtain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation...Read More ...

23 июля, 2024

Oracle Business Intelligence Enterprise Edition (July 2024 CPU)

The version of Oracle Business Intelligence Enterprise Edition 12.2.1.4 installed on the remote host is affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory, including the ...

23 июля, 2024

SFTPGo’s JWT implmentation lacks certain security measures

In SFTPGo 2.6.2, the JWT implementation lacks certain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation...Read More ...

22 июля, 2024

SFTPGo’s JWT implmentation lacks certain security measures

In SFTPGo 2.6.2, the JWT implementation lacks certain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation...Read More ...

22 июля, 2024

CVE-2024-34102

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could result in arbitrar ...

22 июля, 2024

CVE-2024-40430

In SFTPGO 2.6.2, the JWT implementation lacks cerrtain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation...Read More ...

22 июля, 2024