CVE-2021-29451

Improper Verification of Cryptographic Signature in maven/com.manydesigns/portofino

Identifier

CVE-2021-29451

Package Slug

maven/com.manydesigns/portofino

Vulnerability

Improper Verification of Cryptographic Signature

Description

Portofino is an open source web development framework. Portofino did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming release.

Affected Versions

All versions starting from 5.0.0 before 5.2.1

Solution

Upgrade to version 5.2.1 or above.

Last Modified

2021-04-30

source