GHSA-6g3c-2mh5-7q6x

Source
https://github.com/advisories/GHSA-6g3c-2mh5-7q6x
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-6g3c-2mh5-7q6x/GHSA-6g3c-2mh5-7q6x.json
Aliases
Published
2021-04-19T14:56:33Z
Modified
2024-02-16T08:20:14.777827Z
Details

Impact

Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT.

Patches

The issue will be patched in the upcoming 5.2.1 release.

For more information

If you have any questions or comments about this advisory: * Open an issue in https://github.com/ManyDesigns/Portofino

References

Affected packages

Maven / com.manydesigns:portofino-dispatcher

Package

Name
com.manydesigns:portofino-dispatcher

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0.0
Fixed
5.2.1

Affected versions

5.*

5.0.0
5.0.1
5.0.2
5.0.3
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.2.0

Maven / com.manydesigns:portofino-core

Package

Name
com.manydesigns:portofino-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0.0
Fixed
5.2.1

Affected versions

5.*

5.0.0
5.0.1
5.0.2
5.0.3
5.1.0
5.1.1
5.1.2
5.1.3
5.1.4
5.2.0