Lucene search
MitreCVELIST:CVE-2020-28042HistoryNov 01, 2020 - 4:50 a.m.
CVE-2020-28042
2020-11-0104:50:48
mitre
www.cve.org
2
servicestack
jwt
signature verification
vulnerability
minimum length
EPSS
0.003
Percentile
65.9%
ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature.
References
forums.servicestack.net/t/servicestack-v5-9-2-released/8850
github.com/ServiceStack/ServiceStack/commit/540d4060e877a03ae95343c1a8560a26768585ee
www.shielder.it/advisories/servicestack-jwt-signature-verification-bypass/
www.shielder.it/blog/2020/11/re-discovering-a-jwt-authentication-bypass-in-servicestack/
Related
cve
cve
CVE-2020-28042
2020-11-02 21:15:31
osv
osv
CVE-2020-28042
2020-11-02 21:15:31
Signature validation bypass in ServiceStack
2021-01-13 19:13:11
github
github
Signature validation bypass in ServiceStack
2021-01-13 19:13:11
veracode
veracode
Signature Validation Bypass
2020-11-03 03:38:55
prion
prion
Code injection
2020-11-02 21:15:00
nvd
nvd
CVE-2020-28042
2020-11-02 21:15:31