Summary The fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. Details The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not prop ...
Continue Reading
December 15, 2023
lamp-core and lamp-util are vulnerable to hard coded credential vulnerability. The vulnerability is due to usage of a hardcoded cryptographic key while creating and verifying a JWT token.The vulnerabi ...
Continue Reading
December 15, 2023
Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the applicatio ...
Continue Reading
December 15, 2023
Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the applicatio ...
Continue Reading
December 15, 2023
The [2023 SANS Survey on API Security]() (Jun-2023) found that less than 50 percent of respondents have API security testing tools in place. Even fewer (29 percent) have API discovery tools. Wallarm d ...
Continue Reading
December 15, 2023
Multiple vulnerabilities in popular and widespread applications have been disclosed recently, tracked as [CVE-2023-36845](), [CVE-2023-40044](), [CVE-2023-42793](), [CVE-2023-29357](), and [CVE-2023-2 ...
Continue Reading
December 15, 2023
fast-jwt is vulnerable to JWT Algorithm Confusion. The vulnerability is caused by a missing validation on publicKeyPemMatcher constant defined in fast-jwt/src/crypto.js which is used to match all comm ...
Continue Reading
December 15, 2023
Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the applicatio ...
Continue Reading
December 15, 2023
Back to Main
