3 matches found
PT-2026-50738
Name of the Vulnerable Software and Affected Versions ZITADEL versions 4.0.0 through 4.11.0 ZITADEL versions 3.0.0 through 3.4.11 Description An authentication bypass exists in the external JWT Identity Provider IdP implementation. While the system validates the cryptographic signature and the...
GHSA-QQCJ-RGHW-829X Unity Catalog has a JWT Issuer Validation Bypass tht Allows Complete User Impersonation
Context: A critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint /api/1.0/unity-control/auth/tokens. The endpoint extracts the issuer iss claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without...
Hono 授权问题漏洞
Hono is a web framework written in TypeScript from the Hono community. An authorization issue vulnerability exists in Hono versions 1.1.0 through prior to 4.10.2, which stems from the lack of built-in audience validation options in the JWT Auth Middleware, and could lead to token obfuscation and...