GHSA-R65J-6H5F-4F92 Withdrawn: JJWT improperly generates signing keys

Withdrawn Advisory This advisory has been withdrawn because it has been found to be disputed. Please see the issue here for more information. Original Description JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The...

CVE-2024-31033

JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey method within the DefaultJwtParser class and the signWith method within the DefaultJwtBuilder class. NOTE: the vendor disputes thi...