EUVD-2019-8947

Malware in sbrugna...

CVE-2019-19324

Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance...

CVE-2024-54150

CVE-2024-54150 (cjwt) is a vulnerability in the C JWT implementation where signature verification fails to differentiate between symmetric and asymmetric signing methods (e.g., HS256 vs RS256/PS/EC). The root cause is algorithm confusion during verification, which can allow an attacker to forge t...

CVE-2024-54150 Algorithm Confusion Vulnerability in cjwt

cjwt is a C JSON Web Token JWT Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS...

cjwt 数据伪造问题漏洞

cjwt is a small JWT handler open-sourced by Xmidt. A data forgery vulnerability exists in cjwt version v2.2.0, which stems from an algorithmic obfuscation issue, where the system mishandles the verification of signature types and fails to differentiate between signature tokens, allowing an attack...

CVE-2019-19324

Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance...

CVE-2019-19324

Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance...

CVE-2019-19324

Xmidt cjwt (C library) before 2019-11-25 and version 1.0.1 and earlier maps unsupported JWT algorithms to alg=none, which can lead to untrusted accidental JWT acceptance. Affected component: Xmidt cjwt; root cause: permissive/incorrect handling of algorithm values; impact: potential for accepting...

CVE-2019-19324

Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance...