exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 2

CVE-2022-25898

больше 3 лет назад

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has Base64URL and dot safe string before executing JWS.verify() or JWS.verifyJWT() method.

CVSS3: 7.7

EPSS: Низкий

GHSA-3fvg-4v2m-98jf

больше 3 лет назад

JWS and JWT signature validation vulnerability with special characters

CVSS3: 8.6

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	CVE-2022-25898 The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has Base64URL and dot safe string before executing JWS.verify() or JWS.verifyJWT() method.	CVSS3: 7.7	2% Низкий	больше 3 лет назад
	GHSA-3fvg-4v2m-98jf JWS and JWT signature validation vulnerability with special characters	CVSS3: 8.6	2% Низкий	больше 3 лет назад

Уязвимостей на страницу