Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing validation of JWT signature in `grassrootza/grassroot-platform`
Vulnerability Description
Grassroot Platform is an application to make it faster, cheaper and easier to persistently organize and mobilize people in low-income communities. Grassroot Platform before master deployment as of 2021-04-16 did not properly verify the signature of JSON Web Tokens when refreshing an existing JWT. This allows to forge a valid JWT. The problem has been patched in version 1.3.1 by deprecating the JWT refresh function, which was an overdue deprecation regardless (the "refresh" flow is no longer used).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
Luke Jordan Grassroot Platform 数据伪造问题漏洞
Vulnerability Description
Luke Jordan grassroot-platform是Luke Jordan开源的一个应用软件。一个能够更快,更便宜和更容易地持续组织和动员低收入社区中的人们的应用程序。 Luke Jordan Grassroot Platform 存在安全漏洞,该漏洞允许伪造一个有效的JWT。
CVSS Information
N/A
Vulnerability Type
N/A