crates.io package
biscuit-auth
pkg:cargo/biscuit-auth
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-41949 | — | >= 4.0.0, < 5.0.0 | 5.0.0 | Aug 1, 2024 | biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, pr | ||
| CVE-2022-31053 | — | >= 1.0.0, < 2.0.0 | 2.0.0 | Jun 13, 2022 | Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any ac |
- CVE-2024-41949Aug 1, 2024affected >= 4.0.0, < 5.0.0fixed 5.0.0
biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, pr
- CVE-2022-31053Jun 13, 2022affected >= 1.0.0, < 2.0.0fixed 2.0.0
Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any ac