Severity
Moderate
Affected Packages
1
CVEs
1
Withdrawn Advisory
This advisory has been withdrawn because it has been found to be disputed. Please see the issue here for more information.
Original Description
JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey() method within the DefaultJwtParser class and the signWith() method within the DefaultJwtBuilder class.
Package | Affected Version |
---|---|
![]() |
<= 0.12.5 |
- ID
- MAVEN:GHSA-R65J-6H5F-4F92
- Severity
- moderate
- URL
- https://github.com/advisories/GHSA-r65j-6h5f-4f92
- Published
-
2024-04-01T03:30:38
(3 months ago) - Modified
-
2024-04-03T14:53:00
(3 months ago) - Rights
- Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/io.jsonwebtoken/jjwt-impl | io.jsonwebtoken |
![]() |
<= 0.12.5 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |