PT-2021-19818 · Common · Common

Oliver-Jung · Published 2021-07-26 · Updated 2021-08-13 · CVE-2021-32631

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Common, versions prior to commit 3b96cb0293d3443b870351945f41d7d55cb34b53

Description: The issue is caused by improper verification of the signature of JSON Web Tokens (JWTs) in the Common package. An attacker can present a forged JWT that the package accepts as valid, potentially leading to an authentication bypass.

Recommendations: For versions prior to commit 3b96cb0293d3443b870351945f41d7d55cb34b53, update to a version that includes the patch, that is, commit 3b96cb0293d3443b870351945f41d7d55cb34b53 or later. As a temporary workaround until the patch is applied, use the parseClaimsJws method, which verifies the signature of a JWT and rejects tokens that do not carry a valid one.
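The distinction the recommendation draws, shown as an added illustration that is not the project's code: it assumes the jjwt library (where parseClaimsJws is defined), version 0.11.x, and uses the library's generic parse() call as a stand-in for the weak pattern, since the advisory does not say which call the affected code used.

```java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.security.Keys;

import java.security.Key;

public class JwtVerificationExample {

    // Constructed demo key for this example; a real service loads its key from a secret store.
    private static final Key KEY = Keys.secretKeyFor(SignatureAlgorithm.HS256);
    private static final JwtParser PARSER = Jwts.parserBuilder().setSigningKey(KEY).build();

    /** Weak pattern (assumed for illustration): the generic parse() also returns the body
     *  of an unsigned token, so a token with no signature is treated as trusted. */
    static Claims weakParse(String token) {
        return (Claims) PARSER.parse(token).getBody();
    }

    /** Recommended pattern: parseClaimsJws() accepts only a signed JWS and throws a
     *  JwtException for anything unsigned, tampered, expired or signed with another key. */
    static Claims verifiedClaims(String token) {
        return PARSER.parseClaimsJws(token).getBody();
    }

    public static void main(String[] args) {
        // Legitimately signed token, as the service itself would issue it.
        String signed = Jwts.builder().setSubject("alice").signWith(KEY).compact();

        // Constructed unsigned token (header alg "none", empty signature part): the kind of
        // token the verifier must refuse.
        String unsigned = Jwts.builder().setSubject("admin").compact();

        System.out.println("parse(), signed      -> " + weakParse(signed).getSubject());
        System.out.println("parse(), unsigned    -> " + weakParse(unsigned).getSubject()); // accepted: the flaw

        System.out.println("parseClaimsJws, signed   -> " + verifiedClaims(signed).getSubject());
        try {
            verifiedClaims(unsigned);
        } catch (JwtException e) {
            System.out.println("parseClaimsJws, unsigned -> rejected: " + e.getClass().getSimpleName());
        }
    }
}
```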

Fix

Weakness Enumeration: Authentication Bypass by Spoofing

Related Identifiers

CVE-2021-32631
GHSA-FJQ8-896W-PV28

Affected Products

Common