24 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-43732

Malicious code in bioql PyPI...

7.5 CVSS · 7.6 AI score · 0.00129 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 7:58 a.m. · 4 views

CVE-2024-33531

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM...

8.1 CVSS · 6.8 AI score · 0.00103 EPSS
Exploits 0 · References 1

IBM Security Bulletins
added 2024/08/08 2:21 p.m. · 14 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable due to lua-resty (CVE-2024-33531)

Summary: Lua is used by IBM Cloud Pak for Data as part of the web interface. CVE-2024-33531. Vulnerability Details: CVEID: CVE-2024-33531. DESCRIPTION: lua-resty-jwt could allow a remote attacker to bypass security restrictions, caused by improper authentication validation. By sending a specially...

8.1 CVSS · 6.7 AI score · 0.00103 EPSS
Exploits 0 · Affected Software 1

OSV
added 2024/04/24 6:15 a.m. · 16 views

CVE-2024-33531

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM...

8.1 CVSS · 6.5 AI score
Exploits 0 · References 3

NVD
added 2024/04/24 6:15 a.m. · 9 views

CVE-2024-33531

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM...

8.1 CVSS · 6.5 AI score · 0.00103 EPSS
Exploits 0 · References 3

CVE
added 2024/04/24 12:0 a.m. · 97 views

CVE-2024-33531

CVE-2024-33531 affects lua-resty-jwt 0.2.3, allowing attackers to bypass all JWT-signature checks by crafting a token with an enc header value of A256GCM. The issue is documented across multiple IBM advisories and CVE aggregations, with no public exploitation details provided in the sources. Reme...

8.1 CVSS · 6.7 AI score · 0.00103 EPSS
Exploits 0 · References 3

Cvelist
added 2024/04/24 12:0 a.m. · 11 views

CVE-2024-33531

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM...

6.8 AI score · 0.00103 EPSS
Exploits 0 · References 3

CNNVD
added 2024/04/24 12:0 a.m. · 1 views

lua-resty-jwt security vulnerability

lua-resty-jwt is a library from the individual developer Christian Battaglia. A security vulnerability exists in lua-resty-jwt version 0.2.3, which originated from a vulnerability that allows an attacker to bypass all JWT parsing signature checks by crafting a JWT with an enc header with the valu...

8.1 CVSS · 6.8 AI score · 0.00103 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/04/24 12:0 a.m. · 2 views

PT-2024-25302

Name of the Vulnerable Software and Affected Versions: lua-resty-jwt version 0.2.3 Description: The issue allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM. This enables them to potentially access unauthorized resources or perfor...

8.1 CVSS · 7.1 AI score · 0.00103 EPSS
Exploits 0 · References 8

Vulnrichment
added 2024/04/24 12:0 a.m. · 11 views

CVE-2024-33531

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM...

6.8 AI score · 0.00103 EPSS
Exploits 0 · References 3

OSV
added 2023/06/14 12:15 p.m. · 1 views

CVE-2023-3040

A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a merged in PR 14 contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. It is important to note that...

7.5 CVSS · 7.1 AI score
Exploits 0 · References 2

NVD
added 2023/06/14 12:15 p.m. · 13 views

CVE-2023-3040

A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a merged in PR 14 contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. It is important to note that...

7.5 CVSS · 5.1 AI score · 0.00129 EPSS
Exploits 0 · References 2

Prion
added 2023/06/14 12:15 p.m. · 15 views

Design/Logic Flaw

A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a merged in PR 14 contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. It is important to note that...

5 CVSS · 7.5 AI score · 0.00129 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2023/06/14 11:54 a.m. · 6 views

CVE-2023-3040 Out of Bounds Access Leading to Undefined Behavior

A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a merged in PR 14 contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. It is important to note that...

3.7 CVSS · 6.8 AI score · 0.00129 EPSS
Exploits 0 · References 2

CVE
added 2023/06/14 11:54 a.m. · 43 views

CVE-2023-3040

CVE-2023-3040 concerns the lua-resty-json library. A debug function, present up to commit 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14), contained an out-of-bounds access bug. If this function is used to parse untrusted input data, it could allow an attacker to trigger a DoS. The fu...

7.5 CVSS · 5.7 AI score · 0.00129 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/06/14 11:54 a.m. · 22 views

CVE-2023-3040 Out of Bounds Access Leading to Undefined Behavior

A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a merged in PR 14 contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. It is important to note that...

3.7 CVSS · 7.7 AI score · 0.00129 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/06/14 12:0 a.m. · 3 views

PT-2023-22671 · Unknown · Lua-Resty-Json

Name of the Vulnerable Software and Affected Versions: lua-resty-json versions up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a Description: A debug function in the lua-resty-json package contained an out of bounds access bug that could have allowed an attacker to launch a Denial of Servi...

7.5 CVSS · 7.5 AI score · 0.00129 EPSS
Exploits 0 · References 5

CNNVD
added 2023/06/14 12:0 a.m. · 2 views

lua-resty-json buffer error vulnerability

Cloudflare lua-resty-json is Cloudflare's json library for use with lua and C. It has a security vulnerability in its previous version. A security vulnerability exists in versions prior to lua-resty-json 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a, which stems from the fact that an attacker may be...

7.5 CVSS · 7.2 AI score · 0.00129 EPSS
Exploits 0 · References 2

OSV
added 2022/04/20 8:15 a.m. · 9 views

CVE-2022-29266

In Apache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information...

7.5 CVSS · 6.8 AI score
Exploits 0 · References 2

ATTACKERKB
added 2022/04/20 8:15 a.m. · 0 views

CVE-2022-29266

In Apache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information...

7.5 CVSS · 5.9 AI score · 0.35835 EPSS
Exploits 0 · References 3