VYPR

Biscuit

by Biscuit Auth

Source repositories

CVEs (4)

  • CVE-2024-42350LowAug 5, 2024
    risk 0.13cvss 3.0epss 0.00

    Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a…

  • CVE-2024-41948Aug 1, 2024
    risk 0.00cvss epss 0.00

    biscuit-java is the java implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent,…

  • CVE-2024-41949Aug 1, 2024
    risk 0.00cvss epss 0.00

    biscuit-rust is the Rust implementation of Biscuit, an authentication and authorization token for microservices architectures. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a ThirdPartyBlock request can be sent,…

  • CVE-2022-31053Jun 13, 2022
    risk 0.00cvss epss 0.01

    Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any…