5314 matches found

OSV
added 2023/11/17 10:48 p.m. | 85 views

GHSA-4XW9-CX39-R355 json-web-token library is vulnerable to a JWT algorithm confusion attack

Summary: The json-web-token library is vulnerable to a JWT algorithm confusion attack. Details: On line 86 of the 'index.js' file, the algorithm to use for verifying the signature of the JWT token is taken from the JWT token, which at that point is still unverified and thus shouldn't be trusted. To...

CVSS 7.5 | AI score 7.2 | EPSS 0.00307
Exploits: 1 | References: 5

ATTACKERKB
added 2023/11/17 10:15 p.m. | 4 views

CVE-2023-48238

joaquimserafim/json-web-token is a JavaScript library used to interact with JSON Web Tokens (JWT), which are a compact URL-safe means of representing claims to be transferred between two parties. Versions prior to 4.0.0 are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js'...

CVSS 7.5 | AI score 7 | EPSS 0.00307
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2023/11/17 10:15 p.m. | 22 views

CVE-2023-48238

joaquimserafim/json-web-token is a JavaScript library used to interact with JSON Web Tokens (JWT), which are a compact URL-safe means of representing claims to be transferred between two parties. Versions prior to 4.0.0 are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js'...

CVSS 7.5 | EPSS 0.00307
Exploits: 1 | References: 2

Prion
added 2023/11/17 10:15 p.m. | 14 views

Design/Logic Flaw

joaquimserafim/json-web-token is a JavaScript library used to interact with JSON Web Tokens (JWT), which are a compact URL-safe means of representing claims to be transferred between two parties. Affected versions of the json-web-token library are vulnerable to a JWT algorithm confusion attack. On li...

CVSS 5 | AI score 6.9 | EPSS 0.00307
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/11/17 9:35 p.m. | 15 views

CVE-2023-48238 JWT Algorithm Confusion in json-web-token library

joaquimserafim/json-web-token is a JavaScript library used to interact with JSON Web Tokens (JWT), which are a compact URL-safe means of representing claims to be transferred between two parties. Versions prior to 4.0.0 are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js'...

CVSS 7.5 | AI score 7 | EPSS 0.00307
Exploits: 1 | References: 2

Cvelist
added 2023/11/17 9:35 p.m. | 37 views

CVE-2023-48238 JWT Algorithm Confusion in json-web-token library

joaquimserafim/json-web-token is a JavaScript library used to interact with JSON Web Tokens (JWT), which are a compact URL-safe means of representing claims to be transferred between two parties. Versions prior to 4.0.0 are vulnerable to a JWT algorithm confusion attack. On line 86 of the 'index.js'...

CVSS 7.5 | AI score 7.6 | EPSS 0.00307
Exploits: 1 | References: 2

CVE
added 2023/11/17 9:35 p.m. | 93 views

CVE-2023-48238

CVE-2023-48238 affects the javascript library joaquimserafim/json-web-token. The root cause is that the library’s verify flow uses the JWT-supplied algorithm (potentially HS256) before the token is verified, enabling an algorithm-confusion attack against applications using RS256. Attackers can cr...

CVSS 7.5 | AI score 7 | EPSS 0.00307
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2023/11/17 9:35 p.m. | 28 views

CVE-2023-48238 JWT Algorithm Confusion in json-web-token library

joaquimserafim/json-web-token is a JavaScript library used to interact with JSON Web Tokens (JWT), which are a compact URL-safe means of representing claims to be transferred between two parties. Affected versions of the json-web-token library are vulnerable to a JWT algorithm confusion attack. On li...

CVSS 7.5 | AI score 7.4 | EPSS 0.00307
Exploits: 1 | References: 3

CNNVD
added 2023/11/17 12:0 a.m. | 2 views

JSON Web Token Security Vulnerability

JSON Web Token is a compact URL security method for representing a statement to be transmitted between two parties. A security vulnerability exists in JSON Web Token versions prior to 3.1.1 that stems from vulnerability to JWT algorithm obfuscation attacks...

CVSS 7.5 | AI score 6.7 | EPSS 0.00307
Exploits: 1 | References: 2

Positive Technologies
added 2023/11/17 12:0 a.m. | 5 views

PT-2023-30748

Name of the Vulnerable Software and Affected Versions: joaquimserafim/json-web-token, affected versions not specified. Description: The json-web-token library is vulnerable to a JWT algorithm confusion attack. This issue arises because the algorithm to use for verifying the signature of the JWT token...

CVSS 7.5 | AI score 7 | EPSS 0.00307
Exploits: 1 | References: 14

NVD
added 2023/11/16 6:15 p.m. | 12 views

CVE-2023-6176

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their...

CVSS 4.7 | EPSS 0.00251
Exploits: 0 | References: 7

OSV
added 2023/11/16 6:15 p.m. | 8 views

CVE-2023-6176

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their...

CVSS 4.7 | AI score 7.8 | EPSS 0.00251
Exploits: 0 | References: 7

Prion
added 2023/11/16 6:15 p.m. | 39 views

Null pointer dereference

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their...

CVSS 1 | AI score 6.8 | EPSS 0.00251
Exploits: 0 | References: 4 | Affected Software: 1

UbuntuCve
added 2023/11/16 6:15 p.m. | 39 views

CVE-2023-6176

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their...

CVSS 4.7 | AI score 6.6 | EPSS 0.00251
Exploits: 0 | References: 16

Vulnrichment
added 2023/11/16 5:15 p.m. | 1 views

CVE-2023-6176 Kernel: local dos vulnerability in scatterwalk_copychunks

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their...

CVSS 4.7 | AI score 6.5 | EPSS 0.00251
Exploits: 0 | References: 6

CVE
added 2023/11/16 5:15 p.m. | 417 views

CVE-2023-6176

The connected documents confirm CVE-2023-6176 is a Linux kernel issue in the cryptographic algorithm scatterwalk API. A null pointer dereference can be triggered when a local user constructs a malicious packet with specific socket configuration, potentially crashing the system or enabling privile...

CVSS 4.7 | AI score 6.5 | EPSS 0.00251
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2023/11/16 5:15 p.m. | 35 views

CVE-2023-6176 Kernel: local dos vulnerability in scatterwalk_copychunks

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their...

CVSS 4.7 | AI score 6.8 | EPSS 0.00251
Exploits: 0 | References: 6

Debian CVE
added 2023/11/16 5:15 p.m. | 45 views

CVE-2023-6176

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their...

CVSS 4.7 | AI score 6 | EPSS 0.00251
Exploits: 0

RedhatCVE
added 2023/11/16 1:45 p.m. | 52 views

CVE-2023-6176

A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their...

CVSS 4.7 | AI score 4.6 | EPSS 0.00251
Exploits: 0 | References: 4

BDU FSTEC
added 2023/11/16 12:0 a.m. | 5 views

The vulnerability in the implementation of the SHA-1 cryptographic algorithm in Google Chrome’s browser allows attackers to perform spoofing attacks.

The vulnerability of the SHA-1 cryptographic algorithm implementation in Google Chrome browsers is related to the use of a weak encryption mechanism. Exploiting this vulnerability allows a remote attacker to perform rainbow attacks...

CVSS 5.9 | AI score 6.6 | EPSS 0.00938
Exploits: 0 | References: 11 | Affected Software: 2