49 matches found
CVE-2024-41948
biscuit-java is the Java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...
CVE-2022-31053
Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The...
HSEC-2023-0002 Improper Verification of Cryptographic Signature
The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The version 2 of the specification mandate...
EUVD-2024-2267
Malicious code in bioql PyPI...
EUVD-2024-2393
Malicious code in bioql PyPI...
EUVD-2024-39567
Malicious code in bioql PyPI...
CVE-2024-41949
biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...
CVE-2024-42350
Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be...
Malicious code in analytics-biscuit-tin (npm)
MAL-2025-796 Malicious code in analytics-biscuit-tin (npm)
Boa (>=0.13.0 <=0.13.1), arci-urdf-viz (>=0.0.7 <=0.1.0) +89 more potentially affected by unknown CVE via fast-float (=0.2.0)
fast-float CARGO version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on fast-float and may be impacted: - Boa =0.13.0, =0.0.7, =0.1.0, =0.1.0, =0.1.2, =0.1.0, =0.19.0, =0.3.0, =0.4.1, =0.6.2, =0.3.2, =0.4.1, =0.3.2, =0.20.2 and more Source cves...
academlo (>=0.0.1 <=0.0.3), afterburner (>=0.0.1 <=0.0.2) +140 more potentially affected by CVE-2024-42353 via webob (>=1.2.3 <=1.8.7)
webob PYPI version =1.2.3, =0.0.1, =0.0.1, =0.1.0, =0.1.0, =0.0.2, =0.0.1, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2024-42353 Source advisory: OSV:PYSEC-2024-188...
Exposure Of Resource To Wrong Sphere
org.biscuitsec, biscuit is vulnerable to Exposure of Resource to Wrong Sphere. The vulnerability is due to the potential for third-party block requests to be forged by malicious users, tricking the third-party authority into generating datalog trusting the wrong keypair. Attackers can exploit thi...
CVE-2024-42350
Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be...
CVE-2024-42350 Public key confusion in third party block in Biscuit
Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be...
CVE-2024-42350 Public key confusion in third party block in Biscuit
Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be...
Biscuit security vulnerability
Biscuit is a delegated, decentralized, capability-based authorization token from the biscuit-auth open source project. A security vulnerability exists in Biscuit: a malicious user can trick a third-party authority into generating datalog that trusts the wrong key pair via a forg...
CVE-2024-41948
biscuit-java is the Java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...
CVE-2024-41948
The CVE affects biscuit-java, the Java implementation of Biscuit tokens used for microservices authentication/authorization. A vulnerability exists in the handling of ThirdPartyBlock requests: a malicious user can forge a ThirdPartyBlockRequest and alter the publicKeys field, allowing an attacker...
CVE-2024-41948 biscuit-java vulnerable to public key confusion in third party block
biscuit-java is the Java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...