Lucene search
K

11 matches found

Veracode
Veracode
added 2024/05/22 7:16 a.m.6 views

Authentication Bypass

namshi/jose is vulnerable to Authentication Bypass. The vulnerability is due to improper signature validation which permits tokens signed with 'none' algorithms to be processed, effectively allowing authentication to bypass signature validation...

7.4AI score
Exploits0
Veracode
Veracode
added 2024/05/22 5:58 a.m.12 views

Authentication Bypass

namshi/jose is vulnerable to Authentication Bypass. The vulnerability is due to an implementation error in the validation process for digital signatures using asymmetric algorithms. which allows attackers to forge tokens by exploiting the signature verification flaw...

7.1AI score
Exploits0
OSV
OSV
added 2024/05/17 10:31 p.m.19 views

GHSA-4RR6-GF59-GGW5 namshi/jose - Verification bypass

Several widely-used JSON Web Token JWT libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys RS256, RS384, RS512, ES256, ES384, ES512...

7.3AI score
Exploits0References4
OSV
OSV
added 2024/05/17 10:31 p.m.13 views

GHSA-HXHC-WMG8-XRQF namshi/jose insecure JSON Web Signatures (JWS)

namshi/jose allows the acceptance of unsecure JSON Web Signatures JWS by default. The vulnerability arises from the $allowUnsecure flag, which, when set to true during the loading of JWSes, permits tokens signed with 'none' algorithms to be processed. This behavior poses a significant security ri...

7AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/05/17 10:31 p.m.30 views

namshi/jose insecure JSON Web Signatures (JWS)

namshi/jose allows the acceptance of unsecure JSON Web Signatures JWS by default. The vulnerability arises from the $allowUnsecure flag, which, when set to true during the loading of JWSes, permits tokens signed with 'none' algorithms to be processed. This behavior poses a significant security ri...

7AI score
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/17 12:0 a.m.5 views

PT-2024-40080 · Php-Jwt +4 · Php-Jwt +4

Name of the Vulnerable Software and Affected Versions: node-jsonwebtoken affected versions not specified pyjwt affected versions not specified namshi/jose affected versions not specified php-jwt affected versions not specified jsjwt affected versions not specified Description: The issue affects...

7.3AI score
Exploits0References5
Veracode
Veracode
added 2017/10/10 2:38 a.m.13 views

Timing Attack

namshi/jose is vulnerable to timing attack. The vulnerability exists because it does not use a constant-time comparison when verifying HMAC values...

6.6AI score
Exploits0
CNVD
CNVD
added 2015/07/09 12:0 a.m.3 views

namshi/jose input validation vulnerability

namshi/jose is a PHP library for processing JSON Web markup . A security vulnerability exists in namshi/jose. A remote attacker can exploit the vulnerability to bypass signature verification via a specially crafted token in a JSON Web Tokens JWT header...

5CVSS7.1AI score0.01385EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/07/05 1:0 a.m.22 views

CVE-2015-2964

NAMSHI | JOSE 5.0.0 and earlier allows remote attackers to bypass signature verification via crafted tokens in a JSON Web Tokens JWT header...

6.5AI score0.01385EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/25 6:0 a.m.5 views

namshi/jose fails to verify token signatures

Overview namshi/jose is a PHP library for handling JSON Web Tokens JWT. namshi/jose contains a vulnerability in processing JWT headers where it fails to verify token signatures. Toshiharu Sugiyama of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

5CVSS6.6AI score0.01385EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/06/25 12:0 a.m.40 views

JVN#25336719: namshi/jose fails to verify token signatures

namshi/jose is a PHP library for handling JSON Web Tokens JWT. namshi/jose contains a vulnerability in processing JWT headers where it fails to verify token signatures. Impact Specially crafted tokens may be validated as token data with valid signatures. Solution Update the Software Update to the...

5CVSS6.1AI score0.01385EPSS
Exploits0
Rows per page
Query Builder