8 matches found
java-jwt-4.4.0-1.1 on GA media (moderate)
java-jwt-4.4.0-1.1 on GA media Announcement ID: openSUSE-SU-2024:14395-1 Rating: moderate Cross-References: CVE-2022-42003 CVSS scores: CVE-2022-42003 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...
Withdrawn: JJWT improperly generates signing keys
Withdrawn Advisory This advisory has been withdrawn because it has been found to be disputed. Please see the issue here for more information. Original Description JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The...
CVE-2024-31033
JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey method within the DefaultJwtParser class and the signWith method within the DefaultJwtBuilder class. NOTE: the vendor disputes thi...
CVE-2024-31033
JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey method within the DefaultJwtParser class and the signWith method within the DefaultJwtBuilder class. NOTE: the vendor disputes thi...
CVE-2024-31033
CVE-2024-31033 concerns the JJWT (Java JWT) library up to version 0.12.5, where an issue in signing/verification could lead a user to falsely believe a key is strong due to ignored characters in signing operations (setSigningKey in DefaultJwtParser and signWith in DefaultJwtBuilder). IBM and Red ...
Java JWT 安全漏洞
Java JWT is a jwtk open source JSON web token for Java and Android. A security vulnerability exists in Java JWT JJWT version 0.12.5, which stems from a security issue in the setSigningKey method in the DefaultJwtParser class and in the signWith method in the DefaultJwtBuilder class, which omits...
CVE-2024-31033
JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey method within the DefaultJwtParser class and the signWith method within the DefaultJwtBuilder class. NOTE: the vendor disputes thi...
CVE-2024-31033
JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey method within the DefaultJwtParser class and the signWith method within the DefaultJwtBuilder class. NOTE: the vendor disputes thi...