-
# JWT bomb Attack in decode function
## 0x01 Affected version
vendor: https://github.com/mpdavis/python-jose
version: 3.3.0
## 0x02 What kind of vulnerability is it? Who is impacted?
This vul…
-
**Which version of Microsoft.IdentityModel are you using?**
The program was originally running version 6.33.0 when it was working.
Microsoft.IdentityModel 7.4.0
**Where is the issue?**
* [ ] M.…
-
### Steps to Reproduce
I'm unable to issue passphrase protected certificate with the key using `step ca certificate` command. If I use command like below:
`step ca certificate test-cert test-cert…
-
Hello,
yarn audit show this output jose dependency is vulnerable is it possible to upgrade or replace it ?
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ m…
-
I'm trying to enable the Auth0 authentication.
Currently I'm able to access the rs-ui login window, click login, enter credentials using Auth0's Universal Login, and get redirected back to Restrea…
-
Feature
=========
To ensure compatibility and transparency, the self encoded access tokens should be structured based on an open standard, such as [JWT][JWT]. Since private data is needed for seve…
-
While packaging this package for openSUSE we try to start running the testsuite during the packaging (so that we may catch some unexpected failure to build package correctly) and when running `tests/j…
mcepl updated
2 years ago
-
Currently, when the property `mp.jwt.decrypt.key.location` is specified, signed tokens must be rejected. But this means that a service that is part of two or more applications, a basic concept of a mi…
-
**Is your feature request related to a problem? Please describe.**
We have currently only handing JWS but we have not handled JWE so under this enhancement we are looking to add:
1. Analysing Vul…
-
I'm trying to use the encrypt method. When I call JWE.encrypt it throws the error
```bash
(undefined method `public_encrypt' for #)
```
```ruby
require 'json'
require 'open-uri'
require 'jwe…