Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

4 matches found

NVD
NVDadded 2024/04/24 6:15 a.m.9 views

CVE-2024-33531

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM...

8.1CVSS6.5AI score0.00103EPSS
Exploits0References3
CVE
CVEadded 2024/04/24 12:0 a.m.99 views

CVE-2024-33531

CVE-2024-33531 affects lua-resty-jwt 0.2.3, allowing attackers to bypass all JWT-signature checks by crafting a token with an enc header value of A256GCM. The issue is documented across multiple IBM advisories and CVE aggregations, with no public exploitation details provided in the sources. Reme...

8.1CVSS6.7AI score0.00103EPSS
Exploits0References3
Cvelist
Cvelistadded 2024/04/24 12:0 a.m.11 views

CVE-2024-33531

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM...

6.8AI score0.00103EPSS
Exploits0References3
Into the symmetry
Into the symmetryadded 2017/03/13 6:44 p.m.88 views

Critical vulnerability in JSON Web Encryption (JWE) - RFC 7516

tl;dr if you are using go-jose, node-jose, jose2go, Nimbus JOSE+JWT or jose4j with ECDH-ES please update to the latest version. RFC 7516 aka JSON Web Encryption JWE hence many software libraries implementing this specification used to suffer from a classic Invalid Curve Attack. This would allow a...

7.1AI score
Exploits0
Rows per page
Query Builder