
CVE-2024-33531

Date: (C)2024-04-24   (M)2024-04-25


cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM.

Reference:
https://github.com/cdbattags/lua-resty-jwt/commit/d1558e2afefe868fea1e7e9a4b04ea94ab678a85
https://github.com/cdbattags/lua-resty-jwt/issues/61
https://insinuator.net/2023/10/lua-resty-jwt-authentication-bypass/

© SecPod Technologies