GO-2022-0564

Source
https://pkg.go.dev/vuln/GO-2022-0564
Import Source
https://vuln.go.dev/ID/GO-2022-0564.json
Aliases
Published
2022-08-15T18:02:15Z
Modified
2023-11-08T04:09:24.375057Z
Details

An attacker can forge Biscuit v1 tokens with any access level.

There is no known workaround for Biscuit v1. The Biscuit v2 specification avoids this vulnerability.

References

Affected packages

Go / github.com/biscuit-auth/biscuit-go

Package

Name
github.com/biscuit-auth/biscuit-go

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown

Ecosystem specific 

{
    "imports": [
        {
            "path": "github.com/biscuit-auth/biscuit-go"
        }
    ]
}