[MAVEN:GHSA-6G3C-2MH5-7Q6X] Missing validation of JWT signature in `ManyDesigns/Portofino`

Severity Critical
Affected Packages 2
Fixed Packages 2
CVEs 1

Impact

Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens.
This allows forging a valid JWT.

Patches

The issue will be patched in the upcoming 5.2.1 release.

For more information

If you have any questions or comments about this advisory:
* Open an issue in https://github.com/ManyDesigns/Portofino

| Package | Affected Version |
| --- | --- |
| pkg:maven/com.manydesigns/portofino-dispatcher | >= 5.0.0, < 5.2.1 |
| pkg:maven/com.manydesigns/portofino-core | >= 5.0.0, < 5.2.1 |

* ID: MAVEN:GHSA-6G3C-2MH5-7Q6X
* Severity: critical
* URL: https://github.com/advisories/GHSA-6g3c-2mh5-7q6x
* Published: 2021-04-19T14:56:33 (3 years ago)
* Modified: 2023-09-25T16:03:48 (11 months ago)
* Rights: Maven Security Team

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Affected | pkg:maven/com.manydesigns/portofino-dispatcher | com.manydesigns | portofino-dispatcher | >= 5.0.0 < 5.2.1 | | | |
| Fixed | pkg:maven/com.manydesigns/portofino-dispatcher | com.manydesigns | portofino-dispatcher | = 5.2.1 | | | |
| Affected | pkg:maven/com.manydesigns/portofino-core | com.manydesigns | portofino-core | >= 5.0.0 < 5.2.1 | | | |
| Fixed | pkg:maven/com.manydesigns/portofino-core | com.manydesigns | portofino-core | = 5.2.1 | | | |