139 matches found
CVE-2023-48238
joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens JWT which are a compact URL-safe means of representing claims to be transferred between two parties. Versions prior to 4.0.0 are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js'...
CVE-2023-48238
joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens JWT which are a compact URL-safe means of representing claims to be transferred between two parties. Versions prior to 4.0.0 are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js'...
Design/Logic Flaw
joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens JWT which are a compact URL-safe means of representing claims to be transferred between two parties. Affected versions of the json-web-token library are vulnerable to a JWT algorithm confusion attack. On li...
CVE-2023-48238 JWT Algorithm Confusion in json-web-token library
joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens JWT which are a compact URL-safe means of representing claims to be transferred between two parties. Versions prior to 4.0.0 are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js'...
CVE-2023-48238 JWT Algorithm Confusion in json-web-token library
joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens JWT which are a compact URL-safe means of representing claims to be transferred between two parties. Versions prior to 4.0.0 are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js'...
CVE-2023-48238 JWT Algorithm Confusion in json-web-token library
joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens JWT which are a compact URL-safe means of representing claims to be transferred between two parties. Affected versions of the json-web-token library are vulnerable to a JWT algorithm confusion attack. On li...
PT-2023-30748
Name of the Vulnerable Software and Affected Versions joaquimserafim/json-web-token affected versions not specified Description The json-web-token library is vulnerable to a JWT algorithm confusion attack. This issue arises because the algorithm to use for verifying the signature of the JWT token...
Firebase PHP-JWT key/algorithm type confusion
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue e.g., RS256 / HS256 exists via the kid aka Key ID header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...
GHSA-8XF4-W7QW-PJJW Firebase PHP-JWT key/algorithm type confusion
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue e.g., RS256 / HS256 exists via the kid aka Key ID header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...
Key/algorithm type confusion
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue e.g., RS256 / HS256 exists via the kid aka Key ID header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...
CVE-2021-46743
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue e.g., RS256 / HS256 exists via the kid aka Key ID header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...
CVE-2021-46743
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue e.g., RS256 / HS256 exists via the kid aka Key ID header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...
CVE-2021-46743
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue e.g., RS256 / HS256 exists via the kid aka Key ID header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...
Design/Logic Flaw
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue e.g., RS256 / HS256 exists via the kid aka Key ID header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...
CVE-2021-46743
CVE-2021-46743 : In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue occurs via the kid header when multiple key types are loaded in a key ring, allowing an attacker to forge tokens that validate under the incorrect key. The description notes this may reflect unsafe usage of the PHP-JW...
CVE-2021-46743
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue e.g., RS256 / HS256 exists via the kid aka Key ID header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...
PT-2022-12914 · Firebase +1 · Firebase Php-Jwt +1
Name of the Vulnerable Software and Affected Versions: Firebase PHP-JWT versions prior to 6.0.0 Description: The issue is related to an algorithm-confusion problem, where an attacker can forge tokens that validate under the incorrect key when multiple types of keys are loaded in a key ring. This...
PT-2018-4549
Name of the Vulnerable Software and Affected Versions jsonwebtoken versions 4.2.1 and earlier Description The issue allows an attacker to bypass verification when a token digitally signed with an asymmetric key is sent, but the attacker instead sends a token digitally signed with a symmetric...
Critical Vulnerabilities Affecting JSON Web Token Libraries
Critical vulnerabilities exist in several JSON Web Token JWT libraries – namely the JavaScript and PHP versions – that could let an attacker bypass the verification step. Tim McLean, a Canadian security researcher who specializes in cryptography and dug up the issues, points out that attackers...