2 matches found
GHSA-GCGW-Q47M-PRVJ Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-59c9-pxq8-9c73. This link is maintained to preserve external references. Original Description SAP BTP Security Services Integration Library Java cloud-security-services-integration-library - versions below 2.17....
SignatureValidator.recoverAddrImpl for mode Multisig checks only the last value is different to zero address
Lines of code Vulnerability details Description Current implementation when mode == SignatureMode.Multisig only checks that the last time signer is calculated is different from zero address. The variable signer is overwritten with a new value, based on the previous value and the current signature...