Crypt-JWT-0.021

Security Advisories (2)

CVE-2019-1010263 (2019-03-20)

Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. The impact is: allow attackers to bypass authentication by providing a token by crafting with hmac(). The component is: JWT.pm, line 614. The attack vector is: network connectivity. The fixed version is: after commit b98a59b42ded9f9e51b2560410106207c2152d6c.

CVE-2019-1010161 (2019-03-20)

perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023.

https://github.com/DCIT/perl-Crypt-JWT/issues/3#issuecomment-417947483

Changes for version 0.021 - 2018-03-15

fix #13 off-by-one in exp verification

Modules

Crypt::JWT

JSON Web Token (JWT, JWS, JWE) as defined by RFC7519, RFC7515, RFC7516

Crypt::KeyWrap

Key management/wrapping algorithms defined in RFC7518 (JWA)

Other files

To install Crypt::JWT, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Crypt::JWT

CPAN shell

perl -MCPAN -e shell
install Crypt::JWT

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

Changes for version 0.021 - 2018-03-15

Modules

Other files

Module Install Instructions

Keyboard Shortcuts