Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.
- https://github.com/nov/jose-php/commit/1cce55e27adf0274193eb1cd74b927a398a3df4b
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/HiitCat/JWT-SecLabs
- https://github.com/Nucleware/powershell-jwt
- https://github.com/achmadismail173/jwt_exploit
- https://github.com/d3ck9/HTB-Under-Construction
- https://github.com/d7cky/HTB-Under-Construction
- https://github.com/google/pseudo-identity-provider
- https://github.com/mxcezl/JWT-SecLabs
- https://github.com/phramz/tc2022-jwt101
- https://github.com/suddenabnormalsecrets/pseudo-identity-provider
- https://github.com/vivekghinaiya/JWT_hacking