CVE-2017-10862

MEDIUM

jwt-scala < 1.2.2 - Insufficient Verification of Data Authenticity


Description

jwt-scala 1.2.2 and earlier fails to verify token signatures correctly, which may allow an attacker to pass specially crafted JWT data as a correctly signed token.

References (2)

Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://jvn.jp/en/vu/JVNVU90916766/index.html

Scores

CVSS v3 5.3
EPSS 0.0058
EPSS Percentile 43.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-345
Status published
Products (3)
io.really/jwt-scala 0 Maven
really/jwt-scala < 1.2.2
reallyl IO/jwt-scala 1.2.2 and earlier
Published Oct 12, 2017
Tracked Since Feb 18, 2026