Lucene search

4 matches found

Circl
added 2023/08/02 10:0 a.m., 11 views

CVE-2016-10555

creationtimestamp| type| source
---|---|---
2023-08-02 10:00:03+00:00| seen| https://t.me/ptsoft/21
2023-08-02 10:00:03+00:00| seen| https://t.me/ptsoft/12
2025-01-28 13:54:03+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/11760
2025-02-05 19:34:25+00:00| published-proof-of-concept...

CVSS 6.5 | AI score 7 | EPSS 0.04898
Exploits: 2 | References: 5
vulnersOsv
added 2018/11/06 11:12 p.m., 4 views

@sysdoc/sysdoc-web-stack (=1.0.0), ac-koa-hipchat (>=0.1.0 <=0.2.20) +182 more potentially affected by CVE-2016-10555 via jwt-simple (>=0.1.0 <=0.3.0)

jwt-simple NPM version =0.1.0, =0.1.0, =0.1.0, =1.1.0, =0.0.1, =0.1.0, =1.0.0, =0.0.7, =0.2.12, =0.5.3, =0.1.0, =0.0.2, =1.1.1, =1.3.1 and more Source cves: CVE-2016-10555 Source advisory: OSV:GHSA-VGRX-W6RG-8FQF...

CVSS 6.5 | AI score 6.7 | EPSS 0.04898
Exploits: 2
CVE
added 2018/05/31 8:0 p.m., 53 views

CVE-2016-10555

The CVE-2016-10555 issue affects the jwt-simple library (Node.js). It arises because jwt.decode() does not strictly enforce the algorithm, allowing a malicious user to choose the JWT verification algorithm. If a server expects RSA but receives an HMAC-SHA with RSA’s public key, the public key cou...

CVSS 6.5 | AI score 6.2 | EPSS 0.04898
Exploits: 2 | References: 4 | Affected Software: 1
Cvelist
added 2018/05/31 8:0 p.m., 26 views

CVE-2016-10555

Since "algorithm" isn't enforced in jwt.decode in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key...

AI score 6.3 | EPSS 0.04898
Exploits: 2 | References: 4