hackage package
biscuit-haskell
pkg:hackage/biscuit-haskell
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-42350 | Low | 3.0 | >= 0.3.0.0, < 0.4.0.0 | 0.4.0.0 | Aug 5, 2024 | Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a `ThirdPartyBl | |
| CVE-2024-41949 | — | >= 0.3.0.0, < 0.4.0.0 | 0.4.0.0 | Aug 1, 2024 | biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, pr | ||
| CVE-2022-31053 | — | >= 0.1.0.0, < 0.2.0.0 | 0.2.0.0 | Jun 13, 2022 | Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any ac |
- affected >= 0.3.0.0, < 0.4.0.0fixed 0.4.0.0
Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a `ThirdPartyBl
- CVE-2024-41949Aug 1, 2024affected >= 0.3.0.0, < 0.4.0.0fixed 0.4.0.0
biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent, pr
- CVE-2022-31053Jun 13, 2022affected >= 0.1.0.0, < 0.2.0.0fixed 0.2.0.0
Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any ac