CVE-2020-28042

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-28042

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28042.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-28042

Aliases

GHSA-v5rv-hpxg-8x49

Published

2020-11-02T21:15:31.320Z

Modified

2026-04-10T04:26:42.502568Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature.

References

Affected packages

Git / github.com/servicestack/servicestack

Affected ranges

Type

GIT

Repo

https://github.com/servicestack/servicestack

Events

Introduced

Fixed

b3f3f3f3df9eae8f665aa3b02ce707c4902c62dc

Fixed

540d4060e877a03ae95343c1a8560a26768585ee

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.9.2"
        }
    ]
}

Affected versions

Other

v3-snapshot

v4.*

v4.0.10-sync

v4.0.17

v4.0.18

v4.0.19

v4.0.20

v4.0.21

v4.0.22

v4.0.23

v4.0.24

v4.0.30

v4.0.31

v4.0.32

v4.0.33

v4.0.34

v4.0.35

v4.0.36

v4.0.38

v4.0.40

v4.0.42

v4.0.44

v4.0.46

v4.0.48

v4.0.50

v4.0.52

v4.0.54

v4.0.56

v4.0.58

v4.0.60

v4.0.62

v4.5.0

v4.5.12

v4.5.2

v4.5.4

v4.5.6

v4.5.8

v5.*

v5.0.2

v5.1.0

v5.2.0

v5.4

v5.5

v5.6

v5.7

v5.8

v5.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28042.json"