Vulnerabilities > CVE-2021-29451 - Unspecified vulnerability in Manydesigns Portofino
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 13 |
References
- https://github.com/ManyDesigns/Portofino/commit/8c754a0ad234555e813dcbf9e57d637f9f23d8fb
- https://github.com/ManyDesigns/Portofino/commit/8c754a0ad234555e813dcbf9e57d637f9f23d8fb
- https://github.com/ManyDesigns/Portofino/security/advisories/GHSA-6g3c-2mh5-7q6x
- https://github.com/ManyDesigns/Portofino/security/advisories/GHSA-6g3c-2mh5-7q6x
- https://mvnrepository.com/artifact/com.manydesigns/portofino
- https://mvnrepository.com/artifact/com.manydesigns/portofino