Products
lua-resty-jwt
- 0.2.3
Source
cve@mitre.org
Tags
CVE-2024-33531 details
Published : April 24, 2024, 6:15 a.m.
Last Modified : April 24, 2024, 1:39 p.m.
Last Modified : April 24, 2024, 1:39 p.m.
Description
cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
References
URL | Source |
---|---|
https://github.com/cdbattags/lua-resty-jwt/commit/d1558e2afefe868fea1e7e9a4b04ea94ab678a85 | cve@mitre.org |
https://github.com/cdbattags/lua-resty-jwt/issues/61 | cve@mitre.org |
https://insinuator.net/2023/10/lua-resty-jwt-authentication-bypass/ | cve@mitre.org |
This website uses the NVD API, but is not approved or certified by it.