Lucene search
GoogleOSV:GHSA-V5RV-HPXG-8X49HistoryJan 13, 2021 - 7:13 p.m.
Signature validation bypass in ServiceStack
2021-01-1319:13:11
Google
osv.dev
7
0.002 Low
EPSS
Percentile
60.9%
ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature.
References
forums.servicestack.net/t/servicestack-v5-9-2-released/8850
github.com/ServiceStack/ServiceStack/commit/540d4060e877a03ae95343c1a8560a26768585ee
nvd.nist.gov/vuln/detail/CVE-2020-28042
snyk.io/vuln/SNYK-DOTNET-SERVICESTACK-1035519
www.nuget.org/packages/ServiceStack
www.shielder.it/advisories/servicestack-jwt-signature-verification-bypass
www.shielder.it/blog/2020/11/re-discovering-a-jwt-authentication-bypass-in-servicestack
Related
cve
cve
CVE-2020-28042
2020-11-02 21:15:31
cvelist
cvelist
CVE-2020-28042
2020-11-01 04:50:48
nvd
nvd
CVE-2020-28042
2020-11-02 21:15:31
veracode
veracode
Signature Validation Bypass
2020-11-03 03:38:55
prion
prion
Code injection
2020-11-02 21:15:00
github
github
Signature validation bypass in ServiceStack
2021-01-13 19:13:11
osv
osv
CVE-2020-28042
2020-11-02 21:15:31