Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:36135
HistoryJun 27, 2022 - 3:47 a.m.

Insecure Signature Verification

2022-06-2703:47:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
jsrsasign
insecure
signature verification
vulnerability
jws
jwt
non-base64url encoding
special characters
escaped characters

EPSS

0.01

Percentile

83.7%

jsrsasign is vulnerable to insecure signature verification. The vulnerability exists because the library does not properly validate the JWS or JWT signature with non-Base64URL encoding special characters or number escaped characters such as !@$% or \11

EPSS

0.01

Percentile

83.7%

Related for VERACODE:36135