CVE-2021-29451

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-29451
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29451.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-29451
Aliases
Published
2021-04-16T22:15:14Z
Modified
2024-05-30T02:57:21.823960Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.

References

Affected packages

Git / github.com/manydesigns/portofino

Affected ranges

Type
GIT
Repo
https://github.com/manydesigns/portofino
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

4.*

4.0.0
4.0.1
4.0.10
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.beta1
4.0.beta2
4.0.beta3
4.0.beta4
4.0.beta5
4.0.beta6
4.0.beta7
4.0.rc1
4.0.rc2
4.0.rc3
4.0.rc4
4.0.rc5
4.0.rc6
4.0.rc7
4.0.rc8
4.1
4.1.1
4.1.2
4.1.3
4.1.beta1
4.1.beta2
4.1.beta3
4.1.beta4
4.1.beta5
4.1.beta6
4.2
4.2.1
4.2.2
4.2.3

5.*

5.0-alpha.2
5.0-beta.1
5.0.0
5.0.1
5.0.2
5.0.3
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.2-RC1
5.2.0