Tag
high
advisory
fast-jwt Library Vulnerability Allows crit Header Validation Bypass
2 rules 1 TTP 1 CVEThe fast-jwt library fails to validate the 'crit' header, allowing attackers to bypass security policies and potentially achieve split-brain verification in mixed-library environments.
jwt
vulnerability
authentication
authorization
2r
1t
1c
critical
advisory
fast-jwt Library JWT Algorithm Confusion Vulnerability
2 rules 1 TTP 1 CVEThe fast-jwt library is vulnerable to JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key due to an incomplete fix for CVE-2023-48223, allowing attackers to bypass intended security measures by exploiting leading whitespace in the RSA public key, enabling attackers to sign arbitrary payloads that will be accepted by the verifier, potentially leading to privilege escalation.
jwt
algorithm-confusion
vulnerability
fast-jwt
nodejs
2r
1t
1c
high
advisory
Budibase XSS Leads to Account Takeover via JWT Theft
2 rules 1 TTPThe `budibase:auth` cookie in Budibase is set without the `httpOnly` flag, enabling attackers with XSS to steal JWTs and gain persistent access to user accounts.
Budibase
xss
account takeover
jwt
cookie
2r
1t