-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from the validateAccessToken method using JwtParser's parse() method instead of secure alternatives like parseClaimsJws(). The code shows Jwts.parserBuilder().setSigningKey().build().parse() which doesn't validate signatures, as confirmed by: 1) CodeQL documentation about parse() vs parseClaimsJws() 2) Advisory mentions line 134 where parse() is called 3) CWE-347 directly maps to missing cryptographic signature verification. The method clearly implements JWT validation without proper signature checking.
PythonPython| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| acryl-datahub | pip | < 0.8.45 | 0.8.45 |
KEV Misses 88% of Exploited CVEs- Get the report