2 matches found
Cross-Site Request Forgery (CSRF)
PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to weak CSRF token validation relying on hash collisions in String.hashCode, which allows an attacker to forge requests with colliding tokens and perform unauthorized actions without the victim’s consent...
Convoy Data Forgery Vulnerability
Convoy is an open-source platform developed by Convoy for hosting providers and enthusiasts. Versions of Convoy from 3.9.0-beta to 4.5.1 contained a data manipulation vulnerability due to insufficient validation of JWT token signatures, which could lead to authentication bypasses...