VYPR
Critical severityNVD Advisory· Published Apr 16, 2021· Updated Aug 3, 2024

Missing validation of JWT signature in `ManyDesigns/Portofino`

CVE-2021-29451

Description

Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
com.manydesigns:portofino-dispatcherMaven
>= 5.0.0, < 5.2.15.2.1
com.manydesigns:portofino-coreMaven
>= 5.0.0, < 5.2.15.2.1

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.