Lucene search
GoogleOSV:CVE-2020-28042HistoryNov 02, 2020 - 9:15 p.m.
CVE-2020-28042
2020-11-0221:15:31
Google
osv.dev
8
servicestack
jwt signature verification
validatetoken
minimum length
software
ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature.
References
forums.servicestack.net/t/servicestack-v5-9-2-released/8850
github.com/ServiceStack/ServiceStack/commit/540d4060e877a03ae95343c1a8560a26768585ee
www.shielder.it/advisories/servicestack-jwt-signature-verification-bypass/
www.shielder.it/blog/2020/11/re-discovering-a-jwt-authentication-bypass-in-servicestack/
Related
cve
cve
CVE-2020-28042
2020-11-02 21:15:31
osv
osv
Signature validation bypass in ServiceStack
2021-01-13 19:13:11
github
github
Signature validation bypass in ServiceStack
2021-01-13 19:13:11
veracode
veracode
Signature Validation Bypass
2020-11-03 03:38:55
prion
prion
Code injection
2020-11-02 21:15:00
cvelist
cvelist
CVE-2020-28042
2020-11-01 04:50:48
nvd
nvd
CVE-2020-28042
2020-11-02 21:15:31