Home > Vulnerability Database > WS-2020-0123

Mend.io Vulnerability Database

WS-2020-0123

Good to know:

Date: June 17, 2020

Affected versions of @sap-cloud-sdk/core do not properly validate JWTs. The verifyJwt() function does not properly validate the URL from where the public verification key for the JWT can be downloaded. Any URL was trusted which makes it possible to provide a URL belonging to a manipulated JWT.

Language: JS

Severity Score

5.3

Related Resources (2)

Url: https://www.npmjs.com/advisories/1540

Url: https://www.mend.io/vulnerability-database/WS-2020-0123

Severity Score

5.3

Weakness Type (CWE)

Improper Authorization

CWE-285

Top Fix

Upgrade Version

Upgrade to version 1.21.2

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2020-0123

Good to know:

Date: June 17, 2020

Language: JS

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?