GHSA-v5rv-hpxg-8x49
Suggest an improvement- Source
- https://github.com/advisories/GHSA-v5rv-hpxg-8x49
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/01/GHSA-v5rv-hpxg-8x49/GHSA-v5rv-hpxg-8x49.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-v5rv-hpxg-8x49
- Aliases
- Published
- 2021-01-13T19:13:11Z
- Modified
- 2024-12-02T05:45:07.113843Z
- Summary
- Signature validation bypass in ServiceStack
- Details
-
ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature.
- Database specific
{ "nvd_published_at": "2020-11-02T21:15:00Z", "cwe_ids": [ "CWE-347" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-01-13T19:12:58Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-28042
- https://github.com/ServiceStack/ServiceStack/commit/540d4060e877a03ae95343c1a8560a26768585ee
- https://forums.servicestack.net/t/servicestack-v5-9-2-released/8850
- https://snyk.io/vuln/SNYK-DOTNET-SERVICESTACK-1035519
- https://www.nuget.org/packages/ServiceStack
- https://www.shielder.it/advisories/servicestack-jwt-signature-verification-bypass
- https://www.shielder.it/blog/2020/11/re-discovering-a-jwt-authentication-bypass-in-servicestack
Affected packages
NuGet / ServiceStack
Package
- Name
- ServiceStack
- View open source insights on deps.dev
- Purl
- pkg:nuget/ServiceStack
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.9.2
Affected versions
2.*
2.2.2
2.9.0
2.92.0
2.93.0
2.95.0
2.96.0
3.*
3.0.0
3.0.5
3.0.6
3.0.7
3.0.9
3.1.0
3.1.1
3.1.3
3.1.6
3.1.7
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7
3.3.8
3.3.9
3.4.0
3.4.1
3.4.2
3.4.3
3.4.8
3.5.1
3.5.2
3.5.3
3.5.4
3.5.5
3.5.7
3.5.8
3.5.9
3.6.0
3.6.2
3.6.3
3.6.5
3.6.6
3.6.7
3.6.9
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.7.7
3.7.8
3.7.9
3.8.3
3.8.5
3.8.7
3.8.8
3.9.0
3.9.1
3.9.2
3.9.3
3.9.4
3.9.5
3.9.6
3.9.7
3.9.8
3.9.9
3.9.10
3.9.11
3.9.14
3.9.15
3.9.16
3.9.17
3.9.18
3.9.19
3.9.21
3.9.22
3.9.23
3.9.24
3.9.25
3.9.28
3.9.32
3.9.33
3.9.34
3.9.35
3.9.37
3.9.38
3.9.40
3.9.42
3.9.43
3.9.44
3.9.45
3.9.46
3.9.47
3.9.48
3.9.49
3.9.53
3.9.54
3.9.55
3.9.56
3.9.58
3.9.59
3.9.60
3.9.61
3.9.62
3.9.63
3.9.64
3.9.65
3.9.66
3.9.67
3.9.68
3.9.69
3.9.70
3.9.71
4.*
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.0.11
4.0.12
4.0.13
4.0.14
4.0.15
4.0.16
4.0.17
4.0.18
4.0.19
4.0.20
4.0.21
4.0.22
4.0.23
4.0.24
4.0.30
4.0.31
4.0.32
4.0.33
4.0.34
4.0.35
4.0.36
4.0.38
4.0.40
4.0.42
4.0.44
4.0.46
4.0.48
4.0.50
4.0.52
4.0.54
4.0.56
4.0.58
4.0.60
4.0.62
4.5.0
4.5.2
4.5.4
4.5.6
4.5.8
4.5.10
4.5.12
4.5.14
5.*
5.0.0
5.0.2
5.1.0
5.2.0
5.4.0
5.5.0
5.6.0
5.7.0
5.8.0
5.9.0