漏洞信息详情
ServiceStack Framework 数据伪造问题漏洞
漏洞简介
ServiceStack Framework是一款Web应用程序框架。
ServiceStack 5.9.2之前版本存在安全漏洞,该漏洞有可能会错误的处理JWT签名验证。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://support.f5.com/csp/article/K21540525
参考网址
来源:MISC
链接:https://www.shielder.it/blog/2020/11/re-discovering-a-jwt-authentication-bypass-in-servicestack/
来源:MISC
链接:https://forums.servicestack.net/t/servicestack-v5-9-2-released/8850
来源:MISC
链接:https://www.shielder.it/advisories/servicestack-jwt-signature-verification-bypass/
来源:MISC
链接:https://github.com/ServiceStack/ServiceStack/commit/540d4060e877a03ae95343c1a8560a26768585ee
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2020-28042
受影响实体
暂无
补丁
- ServiceStack Framework 数据伪造问题漏洞的修复措施<!--2020-11-2-->
还没有评论,来说两句吧...