
10 matches found

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2019-8947

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.01015
Exploits: 0 | References: 3
RedhatCVE
added 2025/05/22 9:16 a.m. | 7 views

CVE-2019-19324

Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance...

CVSS 7.5 | AI score 6.9 | EPSS 0.01015
Exploits: 0 | References: 1
BDU FSTEC
added 2025/01/13 12:0 a.m. | 5 views

The vulnerability of the JWT library cjwt, related to incorrect verification of the cryptographic signature, allows attackers to circumvent security restrictions.

The vulnerability of the JWT library cjwt is related to incorrect verification of the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to bypass security restrictions remotely...

CVSS 7.8 | AI score 5.4 | EPSS 0.00384
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2024/12/19 6:22 p.m. | 16 views

CVE-2024-54150 Algorithm Confusion Vulnerability in cjwt

cjwt is a C JSON Web Token (JWT) implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS...

CVSS 8.7 | AI score 6.8 | EPSS 0.00384
Exploits: 0 | References: 2
CVE
added 2024/12/19 6:22 p.m. | 100 views

CVE-2024-54150

CVE-2024-54150 (cjwt) is a vulnerability in the C JWT implementation where signature verification fails to differentiate between symmetric and asymmetric signing methods (e.g., HS256 vs RS256/PS/EC). The root cause is algorithm confusion during verification, which can allow an attacker to forge t...

CVSS 9.1 | AI score 6.5 | EPSS 0.00384
Exploits: 0 | References: 2
CNNVD
added 2024/12/19 12:0 a.m. | 3 views

cjwt data forgery vulnerability

cjwt is a small JWT handler open-sourced by Xmidt. A data forgery vulnerability exists in cjwt version v2.2.0, which stems from an algorithmic obfuscation issue, where the system mishandles the verification of signature types and fails to differentiate between signature tokens, allowing an attack...

CVSS 9.1 | AI score 6.7 | EPSS 0.00384
Exploits: 0 | References: 2
OSV
added 2020/03/20 6:15 p.m. | 16 views

CVE-2019-19324

Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance...

CVSS 7.5 | AI score 6.8
Exploits: 0 | References: 2
NVD
added 2020/03/20 6:15 p.m. | 14 views

CVE-2019-19324

Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance...

CVSS 7.5 | AI score 7.5 | EPSS 0.01015
Exploits: 0 | References: 2
Cvelist
added 2020/03/20 5:26 p.m. | 21 views

CVE-2019-19324

Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance...

AI score 7.5 | EPSS 0.01015
Exploits: 0 | References: 2
CVE
added 2020/03/20 5:26 p.m. | 85 views

CVE-2019-19324

Xmidt cjwt (C library) before 2019-11-25 and version 1.0.1 and earlier maps unsupported JWT algorithms to alg=none, which can lead to untrusted accidental JWT acceptance. Affected component: Xmidt cjwt; root cause: permissive/incorrect handling of algorithm values; impact: potential for accepting...

CVSS 7.5 | AI score 7.5 | EPSS 0.01015
Exploits: 0 | References: 2 | Affected Software: 1