CVE-2024-33531

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM...

CVE-2024-33531

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM...

CVE-2024-33531

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM...

CVE-2024-33531

CVE-2024-33531 affects lua-resty-jwt 0.2.3, allowing attackers to bypass all JWT-signature checks by crafting a token with an enc header value of A256GCM. The issue is documented across multiple IBM advisories and CVE aggregations, with no public exploitation details provided in the sources. Reme...

CVE-2024-33531

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM...

lua-resty-jwt 安全漏洞

lua-resty-jwt is a library from the individual developer Christian Battaglia. A security vulnerability exists in lua-resty-jwt version 0.2.3, which originated from a vulnerability that allows an attacker to bypass all JWT parsing signature checks by crafting a JWT with an enc header with the valu...

CVE-2024-33531

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM...

CVE-2022-29266

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information...

CVE-2022-29266

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information...

CVE-2022-29266

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information...

Information disclosure

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information...

CVE-2022-29266

Apache APISIX prior to 3.13.1 is affected by an information-disclosure issue in the jwt-auth plugin. The error message returned by the dependency lua-resty-jwt can leak the user’s secret key, enabling leakage of sensitive credentials. Affected product: Apache APISIX (jwt-auth plugin); vulnerable ...

CVE-2022-29266 apisix/jwt-auth may leak secrets in error response

In APache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information...