22 matches found
CVE-2024-51744 Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
CVE-2024-51744
CVE-2024-51744 affects golang-jwt (Go JWT library). The issue arises in ParseWithClaims where, in dangerous scenarios (e.g., an invalid signature), the function may return immediately, preventing proper error aggregation and potentially allowing tokens that are valid in signature but invalid in c...