Description

JPaseto before 0.3.0 generates weak hashes when using v2.local tokens.

Remediation

References

https://github.com/paseto-toolkit/jpaseto/releases/tag/jpaseto-0.3.0

Related Vulnerabilities

CVE-2019-10791 Vulnerability in npm package promise-probe

CVE-2019-1010206 Vulnerability in maven package com.github.kevinsawicki:http-request

CVE-2019-19771 Vulnerability in npm package cionstring

CVE-2017-1000487 Vulnerability in maven package org.codehaus.plexus:plexus-utils

CVE-2020-2256 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-maven-parent

Severity

High

Classification

CWE-326 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Third Party Advisory