Lucene search
+L

50 matches found

redhatcve
redhatcve
added 2026/01/09 9:34 a.m.9 views

CVE-2024-41948

biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...

5CVSS6.9AI score0.00283EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 8:42 a.m.11 views

CVE-2022-31053

Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The...

9.8CVSS6.8AI score0.0096EPSS
Exploits1References1
osv
osv
added 2025/11/14 2:45 p.m.33 views

HSEC-2023-0002 Improper Verification of Cryptographic Signature

Improper Verification of Cryptographic Signature The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The version 2 of the specification mandate...

9.8CVSS9.4AI score0.0096EPSS
Exploits1References2
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-2267

Malicious code in bioql PyPI...

5CVSS6.5AI score0.00283EPSS
Exploits0References6
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-39567

Malicious code in bioql PyPI...

3CVSS6.6AI score0.00291EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2393

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00237EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/05/23 8:52 a.m.7 views

CVE-2024-41949

biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...

6.4CVSS7AI score0.00237EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 7:54 a.m.8 views

CVE-2024-42350

Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be...

3CVSS6.9AI score0.00291EPSS
Exploits0
ossf
ossf
added 2025/02/03 4:44 p.m.4 views

Malicious code in analytics-biscuit-tin (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
osv
osv
added 2025/02/03 4:44 p.m.4 views

MAL-2025-796 Malicious code in analytics-biscuit-tin (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
vulnersosv
vulnersosv
added 2024/11/12 8:48 p.m.16 views

Boa (>=0.13.0 <=0.13.1), arci-urdf-viz (>=0.0.7 <=0.1.0) +87 more potentially affected by unknown CVE via fast-float (=0.2.0)

fast-float CARGO version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on fast-float and may be impacted: - Boa =0.13.0, =0.0.7, =0.1.0, =0.1.0, =0.1.2, =0.1.0, =0.19.0, =0.3.0, =0.4.1, =0.6.2, =0.3.2, =0.4.1, =0.3.2, =0.20.2 and more Source cves...

5.7AI score
Exploits0
vulnersosv
vulnersosv
added 2024/08/14 9:15 p.m.5 views

a10-octavia (>=0.1.0.dev384 <=2.2.0), a2 (=0.8.4) +1988 more potentially affected by CVE-2024-42353 via webob (>=1.2.3 <=1.8.7)

webob PYPI version =1.2.3, =0.1.0.dev384, =1.0.0, =0.0.1, =2026.4.17, =0.0.2, =1.2.0, =1.0.0, =0.18.0, =0.3.0, =0.2.1, =0.5.0, =2.0.0, =3.12.0 and more Source cves: CVE-2024-42353 Source advisory: OSV:PYSEC-2024-188...

6.1CVSS6.3AI score0.00497EPSS
Exploits1
veracode
veracode
added 2024/08/07 4:34 a.m.13 views

Exposure Of Resource To Wrong Sphere

org.biscuitsec, biscuit is vulnerable to Exposure of Resource to Wrong Sphere. The vulnerability is due to the potential for third-party block requests to be forged by malicious users, tricking the third-party authority into generating datalog trusting the wrong keypair. Attackers can exploit thi...

3CVSS7AI score0.00291EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2024/08/05 8:15 p.m.30 views

CVE-2024-42350

Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be...

3CVSS0.00291EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/08/05 7:47 p.m.14 views

CVE-2024-42350 Public key confusion in third party block in Biscuit

Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be...

3CVSS7.2AI score0.00291EPSS
Exploits0References2
osv
osv
added 2024/08/05 7:47 p.m.43 views

CVE-2024-42350 Public key confusion in third party block in Biscuit

Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be...

3CVSS6.7AI score0.00291EPSS
Exploits0References4
cnnvd
cnnvd
added 2024/08/05 12:0 a.m.5 views

Biscuit 安全漏洞

Biscuit is a delegated, decentralized, capability-based authorization token from biscuit-auth open source. A security vulnerability exists in Biscuit that stems from a data log that allows a malicious user to trick a third-party authority into generating a key pair with the wrong trust via a forg...

3CVSS6.4AI score0.00291EPSS
Exploits0References3
nvd
nvd
added 2024/08/01 10:15 p.m.41 views

CVE-2024-41948

biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...

5CVSS0.00283EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/08/01 10:3 p.m.15 views

CVE-2024-41948 biscuit-java vulnerable to public key confusion in third party block

biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...

3CVSS6.9AI score0.00283EPSS
Exploits0References1
cvelist
cvelist
added 2024/08/01 10:3 p.m.54 views

CVE-2024-41948 biscuit-java vulnerable to public key confusion in third party block

biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...

3CVSS0.00283EPSS
Exploits0References1
Rows per page
Query Builder