Vendor
Jwtk
Products
2
CVEs
2
Across products
2
Status
Private
Products
2- 1 CVE
- 1 CVE
Recent CVEs
2| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-31033 | Med | 0.44 | 6.8 | 0.00 | Apr 1, 2024 | JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey() method within the DefaultJwtParser class and the signWith() method within the DefaultJwtBuilder class. NOTE:… | ||
| CVE-2024-34273 | Med | 0.31 | 5.9 | 0.00 | May 16, 2024 | njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method. |
- risk 0.44cvss 6.8epss 0.00
JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey() method within the DefaultJwtParser class and the signWith() method within the DefaultJwtBuilder class. NOTE:…
- risk 0.31cvss 5.9epss 0.00
njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method.