Lucene search

Missing validation of JWT signature in `ManyDesigns/Portofino`

🗓️ 19 Apr 2021 14:33:56Reported by GitHub Advisory DatabaseType

Missing validation of JWT signature in ManyDesigns/Portofino. Impact allows forging valid JWT. Patches in upcoming 5.2.1 release

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
Prion	Code injection	16 Apr 202122:15	–	prion
CVE	CVE-2021-29451	16 Apr 202122:15	–	cve
Cvelist	CVE-2021-29451 Missing validation of JWT signature in `ManyDesigns/Portofino`	16 Apr 202121:40	–	cvelist
NVD	CVE-2021-29451	16 Apr 202122:15	–	nvd
OSV	CVE-2021-29451	16 Apr 202122:15	–	osv
OSV	GHSA-6G3C-2MH5-7Q6X Missing validation of JWT signature in `ManyDesigns/Portofino`	19 Apr 202114:56	–	osv
Veracode	Insecure JWT Verification	19 Apr 202105:25	–	veracode

Vulners

Node

com.manydesigns portofino-coreRange5.0.0–5.2.1

com.manydesigns portofino-dispatcherRange5.0.0–5.2.1

Source	Link
github	www.github.com/ManyDesigns/Portofino/security/advisories/GHSA-6g3c-2mh5-7q6x
github	www.github.com/ManyDesigns/Portofino/commit/8c754a0ad234555e813dcbf9e57d637f9f23d8fb
mvnrepository	www.mvnrepository.com/artifact/com.manydesigns/portofino
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-29451
github	www.github.com/advisories/GHSA-6g3c-2mh5-7q6x

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

19 Apr 2021 14:56Current

8.7High risk

Vulners AI Score8.7

CVSS26.4

CVSS39.1

EPSS0.002

CWE-347