Critical severity · NVD Advisory · Published Apr 16, 2021 · Updated Aug 3, 2024
Missing validation of JWT signature in `ManyDesigns/Portofino`
CVE-2021-29451
Description
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.manydesigns:portofino-dispatcher (Maven) | >= 5.0.0, < 5.2.1 | 5.2.1 |
| com.manydesigns:portofino-core (Maven) | >= 5.0.0, < 5.2.1 | 5.2.1 |
Affected products
- ghsa-coords (2 versions): >= 5.0.0, < 5.2.1
- (no CPE) range: >= 5.0.0, < 5.2.1
- (no CPE) range: >= 5.0.0, < 5.2.1
- Range: >= 5.0.0, < 5.2.1
References
- github.com/advisories/GHSA-6g3c-2mh5-7q6x (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-29451 (ghsa, ADVISORY)
- github.com/ManyDesigns/Portofino/commit/8c754a0ad234555e813dcbf9e57d637f9f23d8fb (ghsa, x_refsource_MISC, WEB)
- github.com/ManyDesigns/Portofino/security/advisories/GHSA-6g3c-2mh5-7q6x (ghsa, x_refsource_CONFIRM, WEB)
- mvnrepository.com/artifact/com.manydesigns/portofino (ghsa, x_refsource_MISC, WEB)