admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

CVE-2018-1000531 updated

Browse Source
This commit is contained in:
Kurt Seifried 2018-06-27 13:42:34 -06:00
parent e7acecf7a3
commit 2f23d086ee
No known key found for this signature in database
GPG Key ID: F15CADC4A00F8174
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2018/1000xxx/CVE-2018-1000531.json
View File

@ -37,7 +37,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in JWT signature validation can be bypassed. This attack appear to be exploitable via An attacker crafts a JWT token with a valid header using 'none' as algorithm and a body to requests it be validated.. This vulnerability appears to have been fixed in after commit abb0d479389a2509f939452a6767dc424bb5e6ba."
"value" : "inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT token. This attack can be exploitable when an attacker crafts a JWT token with a valid header using 'none' as algorithm and a body to requests it be validated. This vulnerability was fixed after commit abb0d479389a2509f939452a6767dc424bb5e6ba."
}
]
},