KANIXB/JWTIssues

Releases0

This repository contains some cryptographic issues in the libraries used for JWT.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-31580 ↗	Oct 25, 2023Wednesday, 25 October 2023, 18:17	5.9 MEDIUM	—
light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token.
CVE-2023-31582 ↗	Oct 25, 2023Wednesday, 25 October 2023, 18:17	7.5 HIGH	—
jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.