Lucene search
K

4 matches found

OSV
OSV
added 2026/05/09 12:45 a.m.3 views

GHSA-HM8Q-7F3Q-5F36 Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

Summary Improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This issue is not exploitable by an anonymous attacker; it only manifests when a malformed claim value reaches...

3.8CVSS5.8AI score0.00216EPSS
Exploits0References3
CVE
CVE
added 2026/02/04 9:31 p.m.54 views

CVE-2026-25537

CVE-2026-25537 concerns a type-confusion in the jsonwebtoken crate (Rust) prior to 10.3.0, where malformed standard claims may be treated as not present, bypassing time-based checks. Connected Fedora advisories indicate vaultwarden (Bitwarden-compatible server) updates to 1.36.0 address multiple ...

7.5CVSS5.4AI score0.00443EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/03 6:47 p.m.8 views

jsonwebtoken has Type Confusion that leads to potential authorization bypass

Summary: It has been discovered that there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s internal parsing mechanism...

7.5CVSS5.8AI score0.00443EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-6431

Summary: It has been discovered that there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard claim such as nbf or exp is provided with an incorrect JSON type Like a String instead of a Number, the library’s internal parsing mechanism...

6.9CVSS5.7AI score0.00443EPSS
Exploits1References5
Rows per page
Query Builder