Lucene search

CVE-2020-28042

🗓️ 02 Nov 2020 21:31:15Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 61 Views

ServiceStack before 5.9.2 mishandles JWT signature verification without custom ValidateToken functio

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
OSV	CVE-2020-28042	2 Nov 202021:15	–	osv
OSV	Signature validation bypass in ServiceStack	13 Jan 202119:13	–	osv
Prion	Code injection	2 Nov 202021:15	–	prion
Veracode	Signature Validation Bypass	3 Nov 202003:38	–	veracode
Github Security Blog	Signature validation bypass in ServiceStack	13 Jan 202119:13	–	github
Cvelist	CVE-2020-28042	1 Nov 202004:50	–	cvelist
NVD	CVE-2020-28042	2 Nov 202021:15	–	nvd

Nvd

Node

servicestack servicestackRange<5.9.2

Source	Link
shielder	www.shielder.it/advisories/servicestack-jwt-signature-verification-bypass/
forums	www.forums.servicestack.net/t/servicestack-v5-9-2-released/8850
shielder	www.shielder.it/blog/2020/11/re-discovering-a-jwt-authentication-bypass-in-servicestack/
github	www.github.com/ServiceStack/ServiceStack/commit/540d4060e877a03ae95343c1a8560a26768585ee

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

02 Nov 2020 21:15Current

5.2Medium risk

Vulners AI Score5.2

CVSS25

CVSS35.3

EPSS0.09249

CWE-347