Authorization Bypass

2020-09-3000:55:36

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

57.0%

JSON

github.com/dgrijalva/jwt-go is vulnerable to authorization bypass. The vulnerability exists as the audience verification succeeds even if the type assertion fails when the value of aud is "".

CPENameOperatorVersion
github.com/dgrijalva/jwt-gole4.0.0-preview1
mcgeq5.6.0__39.2279a46.5.6.el8
mcgeq2.1.0__31.b89a6f1.2.1.el8
mcgeq2.0.10__59.e905e55.2.0.el8
mcgeq2.2.0__14.3c9e4c4.2.2.el8
mcgeq2.2.0__26.827739d.2.2.el8
mcgeq2.2.0__21.825d1aa.2.2.el8
mcgeq5.6.0__40.2279a46.5.6.el8
mcgeq2.0.9__36.db6a79b.2.0.el8
mcgeq2.3.0__16.92eb175.2.3.el8

Name	Operator	Version
github.com/dgrijalva/jwt-go	le	4.0.0-preview1
mcg	eq	5.6.0__39.2279a46.5.6.el8
mcg	eq	2.1.0__31.b89a6f1.2.1.el8
mcg	eq	2.0.10__59.e905e55.2.0.el8
mcg	eq	2.2.0__14.3c9e4c4.2.2.el8
mcg	eq	2.2.0__26.827739d.2.2.el8
mcg	eq	2.2.0__21.825d1aa.2.2.el8
mcg	eq	5.6.0__40.2279a46.5.6.el8
mcg	eq	2.0.9__36.db6a79b.2.0.el8
mcg	eq	2.3.0__16.92eb175.2.3.el8