CVE-2024-21664

jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling jws.Parse with a JSON serialized payload where the signature field is present while pro ...

Microsoft Security Advisory CVE-2024-21319: .NET Denial of Service Vulnerability

Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the ASP ...

CVE-2023-51442

Navidrome is an open source web-based music collection server and streamer. A security vulnerability has been identified in navidrome's subsonic endpoint, allowing for authentication bypass. This ...

CVE-2023-51774

The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode. B ...

Authentication Bypass

github.com/navidrome/navidrome is vulnerable to authentication bypass. The vulnerability is due to the DefaultGet function within auth.go, which is used to retrieve the JWT secret key from the database ...
