Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
JSON Web Tokens not properly verified
Vulnerability Description
Common is a package of common modules that can be accessed by NIMBLE services. Common before commit number 3b96cb0293d3443b870351945f41d7d55cb34b53 did not properly verify the signature of JSON Web Tokens. This allows someone to forge a valid JWT. Being able to forge JWTs may lead to authentication bypasses. Commit number 3b96cb0293d3443b870351945f41d7d55cb34b53 contains a patch for the issue. As a workaround, one may use the parseClaimsJws method to correctly verify the signature of a JWT.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
使用欺骗进行的认证绕过
Vulnerability Title
Common 安全漏洞
Vulnerability Description
NIMBLE Platform Common是一个可以被NIMBLE服务访问的通用模块包。 Common 存在安全漏洞,该漏洞源于未正确验证 JSON 网络令牌。攻击者可利用该漏洞伪造有效的 JWT 从而导致身份验证绕过。
CVSS Information
N/A
Vulnerability Type
N/A