2 matches found
CVE-2018-1000125
inversoft prime-jwt version prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227 contains an input validation vulnerability in JWTDecoder.decode that can result in a JWT that is decoded and thus implicitly validated even if it lacks a valid signature. This attack...
CVE-2018-1000125
CVE-2018-1000125 affects inversoft prime-jwt prior to version 1.3.0 (before commit 0d94dcef0133d699f21d217e922564adbb83a227). The vulnerability is in JWTDecoder.decode, where input validation can allow a JWT to be decoded and implicitly validated even if the signature is invalid. Attackers can cr...