Summary The json-web-token library is vulnerable to a JWT algorithm confusion attack. Details On line 86 of the 'index.js' file, the algorithm to use for verifying the signature of the JWT t ...
Continue Reading
December 15, 2023
NextAuth.js provides authentication for Next.js. next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected by a vulnerability. A bad actor could cre ...
Continue Reading
December 15, 2023
Summary The fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. Details The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not prop ...
Continue Reading
December 15, 2023
The D-Link D-View 8 web server running on the remote host uses a hard-coded key to protect a JWT token. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to bypass ...
Continue Reading
December 15, 2023
The D-Link D-View 8 web server running on the remote host uses a hard-coded key to protect a JWT token. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to bypass ...
Continue Reading
December 15, 2023
Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the applicatio ...
Continue Reading
December 15, 2023
Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the applicatio ...
Continue Reading
December 15, 2023
Summary The json-web-token library is vulnerable to a JWT algorithm confusion attack. Details On line 86 of the 'index.js' file, the algorithm to use for verifying the signature of the JWT t ...
Continue Reading
December 15, 2023
Back to Main
