Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Biscuit\-Go
(Biscuitsec)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 1 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-06-13 | CVE-2022-31053 | Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid G-signatures. Such an attack would allow an attacker to create a token with any access level. The version 2 of the specification mandates a different algorithm than gamma signatures and as such is not affected by this vulnerability. The Biscuit implementations in Rust, Haskell, Go, Java and... | Biscuit\-Auth, Biscuit\-Go, Biscuit\-Haskell, Biscuit\-Java | 9.8 |