CVE-2021-29500

bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows to forgery of valid JWTs...

cn.acyou:leo-framework-barcode (=1.6.0.RELEASE), cn.acyou:leo-framework-commons (=1.6.0.RELEASE) +169 more potentially affected by CVE-2024-3366 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.4.0)

com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.7, =1.0.6, =1.2.3, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.6.0, =1.6.154 - cn.openjava:openjava-xxl-job-starter =2.0.0.1-alpha and more Source cves: CVE-2024-3366 Source advisory: OSV:GHSA-2V42-XP3J-47M4...

CVE-2021-29500

bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows to forgery of valid JWTs...

CVE-2021-29500 Missing validation of JWT signature

bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows to forgery of valid JWTs...

CVE-2021-29500

The CVE-2021-29500 issue affects the bubble-fireworks project (fxbin/bubble-fireworks) in BUILD-SNAPSHOT builds. The root cause is improper verification of JSON Web Token signatures in the library’s JWT handling, which enables forgery of valid JWTs. Affected component: bubble-fireworks-core/JWT v...

bubble fireworks 数据伪造问题漏洞

bubble is an application. It is a Bubble Tea TUI component. A security vulnerability exists in previous versions of bubble fireworks 2021.BUILD-SNAPSHOT, which stems from the fxbin/bubble-fireworks package not properly verifying the signature of JSON web tokens, which can be exploited by an...