EUVD-2018-1849

Malware in sbrugna...

CVE-2018-1000531

The vulnerability CVE-2018-1000531 affects inversoft prime-jwt prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba, where JWTDecoder.decode can mishandle signature verification (CWE-20). An attacker can craft a JWT with a valid header using the none algorithm and a body that passes validatio...

CVE-2018-1000125

inversoft prime-jwt version prior to version 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227 contains an input validation vulnerability in JWTDecoder.decode that can result in a JWT that is decoded and thus implicitly validated even if it lacks a valid signature. This attack...