1 vulnerability found for jwt-scala by jwt-scala project
jvndb-2017-007582
Vulnerability from jvndb
Published
2017-09-26 15:37
Modified
2018-03-07 12:23
Summary
jwt-scala fails to verify token signatures
Details
jwt-scala contains a vulnerability where it fails to verify token signatures correctly.
jwt-scala is a Scala library to handle JSON Web Token (JWT). jwt-scala contains a vulnerability where it fails to verify token signatures correctly due to improper processing of JWT headers.
Toshiharu Sugiyama of Recruit Technologies Co.,Ltd. RED TEAM reported this vulnerability to the developer and JPCERT/CC and directly coordinated with the developer. JPCERT/CC published this advisory as the developer agreed with the publication on JVN.
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-007582.html",
"dc:date": "2018-03-07T12:23+09:00",
"dcterms:issued": "2017-09-26T15:37+09:00",
"dcterms:modified": "2018-03-07T12:23+09:00",
"description": "jwt-scala contains a vulnerability where it fails to verify token signatures correctly.\r\n\r\njwt-scala is a Scala library to handle JSON Web Token (JWT). jwt-scala contains a vulnerability where it fails to verify token signatures correctly due to improper processing of JWT headers.\r\n\r\nToshiharu Sugiyama of Recruit Technologies Co.,Ltd. RED TEAM reported this vulnerability to the developer and JPCERT/CC and directly coordinated with the developer. JPCERT/CC published this advisory as the developer agreed with the publication on JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-007582.html",
"sec:cpe": {
"#text": "cpe:/a:really:jwt-scala",
"@product": "jwt-scala",
"@vendor": "jwt-scala project",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-007582",
"sec:references": [
{
"#text": "http://jvn.jp/en/vu/JVNVU90916766/index.html",
"@id": "JVNVU#90916766",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10862",
"@id": "CVE-2017-10862",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10862",
"@id": "CVE-2017-10862",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
}
],
"title": "jwt-scala fails to verify token signatures"
}