CVE-2023-51774

The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass...Read More ...

Continue Reading
CVE-2024-25191

php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side...Read More ...

Continue Reading
CVE-2024-25191

php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side...Read More ...

Continue Reading
CVE-2024-25191

php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side...Read More ...

Continue Reading
CVE-2024-25189

libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side...Read More ...

Continue Reading
CVE-2022-0931

3scale's gateway usage of JWT does not properly handle verification of algorithm claims in the token header. An attacker could use this flaw to create a signed token with improper claims and thus ...

Continue Reading
CVE-2021-4437

A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages ...

Continue Reading
CVE-2023-52428

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBK ...

Continue Reading

Back to Main

Subscribe for the latest news: