WS-2015-0045
Good to know:
Date: December 11, 2017
jsonwebtoken before v4.2.0, PyJWT before 1.0.0, and PHP jose before 2.2.0 allow bypass of the verification step. An attacker may specify which method to use in order to verify the signature.
Language: Python
Severity Score
Weakness Type (CWE)
Authentication Bypass Using an Alternate Path or Channel
CWE-288
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | LOW |
| Availability (A): | NONE |