Back

CVE-2024-33531

April 24, 2024, 1:39 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

lua-resty-jwt

  • 0.2.3

Source

cve@mitre.org

Tags

CVE-2024-33531 details

Published : April 24, 2024, 6:15 a.m.
Last Modified : April 24, 2024, 1:39 p.m.

Description

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://github.com/cdbattags/lua-resty-jwt/commit/d1558e2afefe868fea1e7e9a4b04ea94ab678a85 cve@mitre.org
https://github.com/cdbattags/lua-resty-jwt/issues/61 cve@mitre.org
https://insinuator.net/2023/10/lua-resty-jwt-authentication-bypass/ cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.