5 matches found
CVE-2021-29451
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release...
com.manydesigns:demo-tt (>=5.0.0 <=5.2.0), com.manydesigns:portofino-atmosphere (>=5.0.0 <=5.0.3) +16 more potentially affected by CVE-2021-29451 via com.manydesigns:portofino-core (>=5.0.0 <=5.2.0)
com.manydesigns:portofino-core MAVEN version =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.2.0 and more Source cves: CVE-2021-29451 Source advisory: OSV:GHSA-6G3C-2MH5-7Q6X...
CVE-2021-29451
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release...
CVE-2021-29451
Portofino is an open-source web framework. Versions before 5.2.1 fail to properly verify the signature of JSON Web Tokens, allowing forging a valid JWT. Affected component: JWT validation logic in Portofino prior to 5.2.1. Impact: compromised authentication/session integrity for tokens forged wit...
CVE-2021-29451 Missing validation of JWT signature in `ManyDesigns/Portofino`
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release...