4 matches found
CVE-2025-30144
creationtimestamp| type| source ---|---|--- 2025-03-19 18:43:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lkqtncueff2h 2025-03-19 18:49:15+00:00| seen| https://t.me/cvedetector/20642 2025-08-12 13:33:28+00:00| seen| MISP/02fb130c-7874-4693-9b66-81ed91a2e996 2025-08-21...
03-api-solid (>=1.0.0 <=1.1.2), @aitech-asia/cms (>=0.0.1 <=2.0.35) +226 more potentially affected by CVE-2025-30144 via fast-jwt (>=0.1.1 <=5.0.5)
fast-jwt NPM version =0.1.1, =1.0.0, =0.0.1, =0.0.1, =1.1.1, =0.2.0, =0.2.0, =0.1.0, =0.8.0, =0.1.1, =0.5.0, =0.7.0, =0.1.1, =0.4.0, =0.1.0, =0.1.0, =1.0.0-beta.0 and more Source cves: CVE-2025-30144 Source advisory: OSV:GHSA-GM45-Q3V2-6CF8...
CVE-2025-30144 Fast-JWT Improperly Validates iss Claims
fast-jwt provides fast JSON Web Token JWT implementation. Prior to 5.0.6, the fast-jwt library does not properly validate the iss claim based on the RFC 7519. The iss issuer claim validation within the fast-jwt library permits an array of strings as a valid iss value. This design flaw enables a...
CVE-2025-30144 Fast-JWT Improperly Validates iss Claims
fast-jwt provides fast JSON Web Token JWT implementation. Prior to 5.0.6, the fast-jwt library does not properly validate the iss claim based on the RFC 7519. The iss issuer claim validation within the fast-jwt library permits an array of strings as a valid iss value. This design flaw enables a...