Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:12 a.m.12 views

CVE-2024-54150

cjwt is a C JSON Web Token JWT Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS...

9.1CVSS6.8AI score0.00384EPSS
Exploits0References1
NVD
NVD
added 2024/12/19 7:15 p.m.28 views

CVE-2024-54150

cjwt is a C JSON Web Token JWT Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS...

9.1CVSS0.00384EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/19 6:22 p.m.39 views

CVE-2024-54150 Algorithm Confusion Vulnerability in cjwt

cjwt is a C JSON Web Token JWT Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS...

8.7CVSS0.00384EPSS
Exploits0References2
CVE
CVE
added 2024/12/19 6:22 p.m.100 views

CVE-2024-54150

CVE-2024-54150 (cjwt) is a vulnerability in the C JWT implementation where signature verification fails to differentiate between symmetric and asymmetric signing methods (e.g., HS256 vs RS256/PS/EC). The root cause is algorithm confusion during verification, which can allow an attacker to forge t...

9.1CVSS6.5AI score0.00384EPSS
Exploits0References2
OSV
OSV
added 2024/12/19 6:22 p.m.16 views

CVE-2024-54150 Algorithm Confusion Vulnerability in cjwt

cjwt is a C JSON Web Token JWT Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS...

8.7CVSS6.8AI score0.00384EPSS
Exploits0References4
Rows per page
Query Builder