CVE-2015-2951

CVE-2015-2951

EPSS 3.8%

JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://jvndb.jvn.jp/jvndb/JVNDB-2015-000073 http://jvn.jp/en/jp/JVN06120222/index.html https://github.com/F21/jwt/commit/a327cf9052df8f9f97728ca0b5fa78a8231b79b6 http://www.securityfocus.com/bid/75021