CVE-2018-1000539
Last modified
CVE-2018-1000539 is a vulnerability of currently unknown severity. Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. EPSS estimates a 0.78% chance of exploitation in the next 30 days.
Description
Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Json-Jwt Project | Json-Jwt | >= 0.5.0, < 1.9.4 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1000539?
How severe is CVE-2018-1000539?
How do I fix CVE-2018-1000539?
Are you affected by CVE-2018-1000539?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST