Description
bubble fireworks is an open source Java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows forgery of valid JWTs.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 2021.build-snapshot (exclusive)
cpe:2.3:a:bubble_fireworks_project:bubble_fireworks:*:*:*:*:*:*:*:*
EPSS
Percentile: 30%
0.0011
Low
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-347