Description
Missing validation of JWT signature in ManyDesigns/Portofino
Impact
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT.
Patches
The issue will be patched in the upcoming 5.2.1 release.
For more information
If you have any questions or comments about this advisory:
- Open an issue in https://github.com/ManyDesigns/Portofino
Packages
Name: com.manydesigns:portofino-dispatcher (maven)
Affected versions: >= 5.0.0, < 5.2.1
Fixed version: 5.2.1
Name: com.manydesigns:portofino-core (maven)
Affected versions: >= 5.0.0, < 5.2.1
Fixed version: 5.2.1
Related vulnerabilities
CVSS3: 9.1
nvd
almost 5 years ago
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.