CVE-2024-41948
biscuit-java is the Java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...
EUVD-2024-2267
Malicious code in bioql PyPI...
CVE-2024-41948
The CVE affects biscuit-java, the Java implementation of Biscuit tokens used for microservices authentication/authorization. A vulnerability exists in the handling of ThirdPartyBlock requests: a malicious user can forge a ThirdPartyBlockRequest and alter the publicKeys field, allowing an attacker...
CVE-2024-41948 biscuit-java vulnerable to public key confusion in third party block
biscuit-java is the Java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, providing only the...
biscuit-java security vulnerability
biscuit-java is a Java implementation of Biscuit authentication and authorization tokens from the open-source biscuit-auth project. A security vulnerability exists in biscuit-java version 3, which stems from a malicious user's spoofed third-party block request that can trick a third-party organization in...
GHSA-5HCJ-RWM6-XMW4 biscuit-java vulnerable to public key confusion in third party block
Impact: Tokens with third-party blocks containing trusted annotations generated through a third party block request. Due to implementation issues in biscuit-java, third party block support in published versions is inoperative. Nevertheless, to synchronize with other implementations, we publish thi...
PT-2024-29655 · Unknown · Biscuit-Java
Name of the Vulnerable Software and Affected Versions: biscuit-java versions prior to 4.0.0
Description: The issue concerns the generation of third-party blocks for authentication and authorization tokens in microservices architectures. A malicious user can forge a third-party block request,...
com.clever-cloud:biscuit-pulsar (>=1.1.13 <=2.3.2), com.clever-cloud:integration-test (>=1.2.0 <=1.4.6) +1 more potentially affected by CVE-2022-31053 via com.clever-cloud:biscuit-java (>=0.2.7 <=1.1.4)
com.clever-cloud:biscuit-java MAVEN version =0.2.7, =1.1.13, =1.2.0, =1.5.0, =1.5.5 Source cves: CVE-2022-31053 Source advisory: OSV:GHSA-75RW-34Q6-72CR...