Updated python-pyjwt packages fix security vulnerability

An attacker submitting the JWT token can choose the used signing algorithm (CVE-2022-29217)Read More ...

Continue Reading
Jwtear – Modular Command-Line Tool To Parse, Create And Manipulate JWT Tokens For Hackers

[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGtbU4Y_Bwpkax3z9WFvKe0rCOG4yc5X6AudLW0x0KLeSp0lCnkADfZDCLr5TDkt6HzMiQ7V4KKMiaPjj7fXJQY1mR3eTtNpZp3Iz-JBOPbexKCuutBvWHBUxmyIlCK7FGTcUJdu ...

Continue Reading
Insecure Signature Verification

jsrsasign is vulnerable to insecure signature verification. The vulnerability exists because the library does not properly validate the `JWS` or `JWT` signature with non-Base64URL encoding special cha ...

Continue Reading
Cloudflare Public Bug Bounty: Sign in with Apple generates long-life JWTs, seemingly irrevocable, that grant immediate access to accounts

The OIDC JWT token issued on a new Sign in with Apple ID to the Cloudflare Dashboard had an excessive lifetime. When intercepted by a malicious actor, it enabled impersonation of the affected user on ...

Continue Reading
Cloudflare Public Bug Bounty: HTTP request smuggling with Origin Rules using newlines in the host_header action parameter

The `host_header` action parameter available to rulesets in the [Origin Rules API](https://developers.cloudflare.com/rules/origin-rules/) lacked sufficient input validation i.e., allowing CRLF charact ...

Continue Reading
JWS and JWT signature validation vulnerability with special characters

### Impact Jsrsasign supports JWS(JSON Web Signatures) and JWT(JSON Web Token) validation. However JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may ...

Continue Reading
JWS and JWT signature validation vulnerability with special characters

### Impact Jsrsasign supports JWS(JSON Web Signatures) and JWT(JSON Web Token) validation. However JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may ...

Continue Reading
CVE-2022-29165

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2 ...

Continue Reading

Back to Main

Subscribe for the latest news: