You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Vulnerable Package issue exists @ GoModules-github.com/dgrijalva/jwt-go-v3.2.0 in branch main
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.
Vulnerable Package issue exists @ GoModules-github.com/dgrijalva/jwt-go-v3.2.0 in branch main
jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.
Namespace: amitshalemCx
Repository: ast-advanced-lab
Repository Url: https://github.com/amitshalemCx/ast-advanced-lab
CxAST-Project: amitshalemCx/ast-advanced-lab
CxAST platform scan: e4664af5-6704-4007-97f2-d490d09af097
Branch: main
Application: ast-advanced-lab
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-862
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: HIGH
Availability impact: NONE
Remediation Upgrade Recommendation: v2.2.1-0.20141103211122-47b263f02057+incompatible
References
Advisory
Pull request
Issue
The text was updated successfully, but these errors were encountered: