Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing validation of JWT signature
Vulnerability Description
bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows to forgery of valid JWTs.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
bubble fireworks 数据伪造问题漏洞
Vulnerability Description
bubble fireworks是开源的一款基于SpringBoot,SpringCloud,Mybatis Plus 的快速开发框架。 bubble fireworks 2021.BUILD-SNAPSHOT之前版本中存在数据伪造问题漏洞,该漏洞源于`fxbin/bubble-fireworks`包没有正确地验证JSON Web令牌的签名。该漏洞允许攻击者伪造有效的jwt。
CVSS Information
N/A
Vulnerability Type
N/A