Description
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.
References
- Patch, Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Patch, Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 5.0.0 (inclusive) up to 5.2.1 (exclusive)
cpe:2.3:a:manydesigns:portofino:*:*:*:*:*:*:*:*
EPSS: 0.002 (Low), percentile: 42%
CVSS3: 9.1 Critical
CVSS2: 6.4 Medium
Weaknesses
CWE-347
Related vulnerabilities
CVSS3: 9.1
github
almost 5 years ago
Missing validation of JWT signature in `ManyDesigns/Portofino`