CVE-2022-31053

Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The...

CVE-2024-41949

biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...

files (>=1.0.0 <=2.2.3), portal (>=2.0.0 <=3.0.1) potentially affected by CVE-2022-31053 via biscuit-auth (=1.2.0)

biscuit-auth CARGO version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on biscuit-auth and may be impacted: - files =1.0.0, =2.0.0, =3.0.1 Source cves: CVE-2022-31053 Source advisory: OSV:GHSA-75RW-34Q6-72CR...