com.inversoft:prime-jwt@1.3.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the com.inversoft:prime-jwt package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
JWT Signature Bypass

com.inversoft:prime-jwt is a JWT signature encoder and decoder.

Affected versions of this package are vulneravle to JWT Signature Bypass. It allows any non-signed JWT signatures to be decoded and validated by the JWTDecoder class, even when a Verifier object is provided.

How to fix JWT Signature Bypass?

Upgrade prime-jwt to version 1.3.1 or higher.

[,1.3.1)