CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

133 matches found

Cvelist•added 2023/11/17 9:35 p.m.•14 views

CVE-2023-48238 JWT Algorithm Confusion in json-web-token library

joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens JWT which are a compact URL-safe means of representing claims to be transferred between two parties. Affected versions of the json-web-token library are vulnerable to a JWT algorithm confusion attack. On li...

7.5CVSS7.6AI score0.00186EPSS

Exploits1References1

Vulnrichment•added 2023/11/17 9:35 p.m.•14 views

CVE-2023-48238 JWT Algorithm Confusion in json-web-token library

7.5CVSS6.7AI score0.00186EPSS

Exploits1References1

Positive Technologies•added 2023/11/17 12:0 a.m.•1 views

PT-2023-30748 · Joaquimserafim · Jsonwebtoken

Name of the Vulnerable Software and Affected Versions: joaquimserafim/json-web-token affected versions not specified Description: The json-web-token library is vulnerable to a JWT algorithm confusion attack. This issue arises because the algorithm to use for verifying the signature of the JWT tok...

7.5CVSS7.3AI score0.00186EPSS

Exploits1References11

OSV•added 2022/03/30 12:0 a.m.•28 views

GHSA-8XF4-W7QW-PJJW Firebase PHP-JWT key/algorithm type confusion

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue e.g., RS256 / HS256 exists via the kid aka Key ID header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...

9.1CVSS9.1AI score0.00641EPSS

Exploits1References5

Github Security Blog•added 2022/03/30 12:0 a.m.•83 views

Firebase PHP-JWT key/algorithm type confusion

9.1CVSS2.4AI score0.00641EPSS

Exploits1References5Affected Software1

Friends Of PHP•added 2022/03/30 12:0 a.m.•36 views

Key/algorithm type confusion

9.1CVSS9.1AI score0.00641EPSS

Exploits1Affected Software1

OSV•added 2022/03/29 7:15 a.m.•16 views

CVE-2021-46743

9.1CVSS6.7AI score

Exploits0References1

NVD•added 2022/03/29 7:15 a.m.•15 views

CVE-2021-46743

9.1CVSS0.00641EPSS

Exploits1References1

Prion•added 2022/03/29 7:15 a.m.•16 views

Design/Logic Flaw

5.8CVSS9AI score0.00641EPSS

Exploits1References1Affected Software1

CVE•added 2022/03/29 6:40 a.m.•132 views

CVE-2021-46743

CVE-2021-46743 : In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue occurs via the kid header when multiple key types are loaded in a key ring, allowing an attacker to forge tokens that validate under the incorrect key. The description notes this may reflect unsafe usage of the PHP-JW...

9.1CVSS9AI score0.00641EPSS

Exploits1References1Affected Software1

Cvelist•added 2022/03/29 6:40 a.m.•19 views

CVE-2021-46743

9.3AI score0.00641EPSS

Exploits1References1

Positive Technologies•added 2022/03/29 12:0 a.m.•4 views

PT-2022-12914 · Firebase +1 · Firebase Php-Jwt +1

Name of the Vulnerable Software and Affected Versions: Firebase PHP-JWT versions prior to 6.0.0 Description: The issue is related to an algorithm-confusion problem, where an attacker can forge tokens that validate under the incorrect key when multiple types of keys are loaded in a key ring. This...

9.8CVSS6.9AI score0.20737EPSS

Exploits12References65

ThreatPost•added 2015/04/01 2:58 p.m.•20 views

Critical Vulnerabilities Affecting JSON Web Token Libraries

Critical vulnerabilities exist in several JSON Web Token JWT libraries – namely the JavaScript and PHP versions – that could let an attacker bypass the verification step. Tim McLean, a Canadian security researcher who specializes in cryptography and dug up the issues, points out that attackers...

7.7AI score

Exploits0References17

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by