Vulnerabilities for packages: py3-tensorflow-serving-api, kubeflow-volumes-web-app, jwt-tool, py3-urllib3-1,...
February 26, 2024
The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass...
February 20, 2024
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side...
February 17, 2024
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side...
February 15, 2024
3scale's gateway usage of JWT does not properly handle verification of algorithm claims in the token header. An attacker could use this flaw to create a signed token with improper claims and thus ...
February 15, 2024