CVE-2021-29451

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-29451

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29451.json

Aliases

GHSA-6g3c-2mh5-7q6x

Published

2021-04-16T22:15:14Z

Modified

2023-11-29T08:45:52.287165Z

Details

Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.

References

Affected packages

Git / github.com/ManyDesigns/Portofino

Affected ranges

Type: GIT
Repo: https://github.com/ManyDesigns/Portofino
Events: Introduced

0The exact introduced commit is unknown

Fixed

8c754a0ad234555e813dcbf9e57d637f9f23d8fb

Type: GIT
Repo: https://github.com/manydesigns/portofino
Events: Introduced

3becdfb103086ae47d5a5f3a25699eae86aff359

Fixed

b8d6a89e94d56247186951a45581b40cac20c32a

Affected versions

4.*

4.0.0

4.0.1

4.0.10

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.0.beta1

4.0.beta2

4.0.beta3

4.0.beta4

4.0.beta5

4.0.beta6

4.0.beta7

4.0.rc1

4.0.rc2

4.0.rc3

4.0.rc4

4.0.rc5

4.0.rc6

4.0.rc7

4.0.rc8

4.1

4.1.1

4.1.2

4.1.3

4.1.beta1

4.1.beta2

4.1.beta3

4.1.beta4

4.1.beta5

4.1.beta6

4.2

4.2.1

4.2.2

4.2.3

5.*

5.0-alpha.2

5.0-beta.1

5.0.0

5.0.1

5.0.2

5.0.3

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.2-RC1

5.2.0