CVE-2024-33531

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM.

CVSS

No CVSS.

References

Link	Resource
https://github.com/cdbattags/lua-resty-jwt/commit/d1558e2afefe868fea1e7e9a4b04ea94ab678a85
https://github.com/cdbattags/lua-resty-jwt/issues/61
https://insinuator.net/2023/10/lua-resty-jwt-authentication-bypass/

Configurations

No configuration.

History

24 Apr 2024, 13:39

Type	Values Removed	Values Added
Summary		(es) cdbattags lua-resty-jwt 0.2.3 permite a los atacantes eludir todas las comprobaciones de firmas de análisis JWT creando un JWT con un encabezado enc con el valor A256GCM.

24 Apr 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-24 06:15

Updated : 2024-04-24 13:39

NVD link : CVE-2024-33531

Mitre link : CVE-2024-33531

CVE.ORG link : CVE-2024-33531

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2024-33531

Attach tags to `CVE-2024-33531`