Vulnerability Description
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Manydesigns | Portofino | >= 5.0.0, < 5.2.1 |
Related Weaknesses (CWE)
References
- https://github.com/ManyDesigns/Portofino/commit/8c754a0ad234555e813dcbf9e57d637f (Patch, Third Party Advisory)
- https://github.com/ManyDesigns/Portofino/security/advisories/GHSA-6g3c-2mh5-7q6x (Third Party Advisory)
- https://mvnrepository.com/artifact/com.manydesigns/portofino (Third Party Advisory)
FAQ
What is CVE-2021-29451?
CVE-2021-29451 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patch...
How severe is CVE-2021-29451?
CVE-2021-29451 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-29451?
Check the references section above for vendor advisories and patch information. Affected products include: Manydesigns Portofino.