Lucene search
Veracode Vulnerability DatabaseVERACODE:27732HistoryNov 03, 2020 - 3:38 a.m.
Signature Validation Bypass
2020-11-0303:38:55
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.002 Low
EPSS
Percentile
60.9%
servicestack is vulnerable to signature validation bypass. The token validation function does not check a valid minimum length and null for a JWT signature, allowing an attacker to bypass the signature verification.
| CPE | Name | Operator | Version |
|---|---|---|---|
| servicestack.common | eq | 4.5.14 | |
| servicestack.common | le | 5.9.0 |
References
forums.servicestack.net/t/servicestack-v5-9-2-released/8850
github.com/ServiceStack/ServiceStack/commit/540d4060e877a03ae95343c1a8560a26768585ee
www.shielder.it/advisories/servicestack-jwt-signature-verification-bypass/
www.shielder.it/blog/2020/11/re-discovering-a-jwt-authentication-bypass-in-servicestack/
Related
cve
cve
CVE-2020-28042
2020-11-02 21:15:31
cvelist
cvelist
CVE-2020-28042
2020-11-01 04:50:48
nvd
nvd
CVE-2020-28042
2020-11-02 21:15:31
osv
osv
Signature validation bypass in ServiceStack
2021-01-13 19:13:11
CVE-2020-28042
2020-11-02 21:15:31
prion
prion
Code injection
2020-11-02 21:15:00
github
github
Signature validation bypass in ServiceStack
2021-01-13 19:13:11