Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
json web token project json web token - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-10004
Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC.
Json Web Token Project Json Web Token -
NA
CVE-2022-38493
Rhonabwy 0.9.99 up to and including 1.1.x prior to 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows malicious users to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token.
Rhonabwy Project Rhonabwy
187
VMScore
CVE-2021-41106
JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms (HS256, HS384, and HS512) combined with `Lcobucci\JWT\Signer\Key\LocalFileReference` as key are having their tokens issued/validated usin...
Jwt Project Jwt
446
VMScore
CVE-2017-11424
In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not a...
Pyjwt Project Pyjwt
Debian Debian Linux 8.0
Debian Debian Linux 9.0
3 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started