High severity8.1NVD Advisory· Published Apr 24, 2024· Updated Apr 15, 2026

CVE-2024-33531

Description

cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by crafting a JWT with an enc header with the value A256GCM.

Patches

d1558e2afefe

https://github.com/cdbattags/lua-resty-jwtvia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/cdbattags/lua-resty-jwt/commit/d1558e2afefe868fea1e7e9a4b04ea94ab678a85nvd
github.com/cdbattags/lua-resty-jwt/issues/61nvd
insinuator.net/2023/10/lua-resty-jwt-authentication-bypass/nvd

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000