Lucene search
K

4 matches found

Snyk
Snyk
added 2026/03/11 10:40 p.m.4 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error in the token exchange endpoint /api/1.0/unity-control/auth/tokens that processes JWTs. An attacker can gain unauthorized access and impersonate any user by supplying a JWT with a malicious issuer, as the endpoint...

9.9CVSS5.5AI score0.00183EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/13 6:47 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the metaRegex function. An attacker can access internal network resources by crafting a malicious issuer URL that bypasses validation and causes the system to send HTTP GET requests to arbitrary...

7.2CVSS7AI score0.0022EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2024/01/16 9:13 p.m.48 views

Breaking unlinkability in Identity Mixer using malicious keys

CL Signatures Issuer Key Correctness Proof lacks of prime strength checking A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key ...

5.3CVSS6.8AI score0.00428EPSS
Exploits1References5Affected Software2
Spring Security Advisories
Spring Security Advisories
added 2018/12/18 12:0 a.m.7 views

Authorization Bypass During JWT Issuer Validation with spring-security

Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWT...

7.4CVSS6.1AI score0.00653EPSS
Exploits0References2
Rows per page
Query Builder