That JavaScript JWT "vulnerability"?
Nope 🙅
Exploiting this requires a deserialization bug in an app using the library, or for an attacker to be able to control the code directly (at which point they have RCE already).
Not CVSS 7.6, by any means: it requires an app to be dangerously deserializing untrusted input into a field for security token validation! Most apps hardcode a string.
This is CVSS 0.
This bug is not a vulnerability.
#jwt #cve_2022_23529 #cve #javascript #paloaltounit42
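The precondition the post describes, as an added example that is not part of the original post and is not the JWT library's code: a verification key hardcoded as a string next to a key object taken from deserialized untrusted input, with a type guard that rejects the latter. `requireKeyMaterial`, `signHs256`, `verifyHs256`, `tryVerify` and the sample secret are hypothetical names and constructed values, and Node's built-in crypto module stands in for the library.

```javascript
// Added example: names and sample values are constructed, not from any library.
const crypto = require('node:crypto');

// Accept only real key material. An object (for example one produced by
// deserializing request data) is rejected before any crypto code touches it.
function requireKeyMaterial(key) {
  if (typeof key === 'string' && key.length > 0) return Buffer.from(key, 'utf8');
  if (Buffer.isBuffer(key) && key.length > 0) return key;
  throw new TypeError('verification key must be a non-empty string or Buffer');
}

const b64url = (data) => Buffer.from(data).toString('base64url');

// Minimal HS256 signer, used only to build a constructed sample token.
function signHs256(payload, key) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const mac = crypto.createHmac('sha256', requireKeyMaterial(key))
    .update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(mac)}`;
}

// Verify an HS256 token; returns the payload or throws.
function verifyHs256(token, key) {
  const secret = requireKeyMaterial(key); // guard runs before anything else
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') {
    throw new Error('unexpected alg');
  }
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  return JSON.parse(Buffer.from(body, 'base64url'));
}

const HARDCODED_SECRET = 'constructed-demo-secret'; // the common case: a fixed string
const token = signHs256({ sub: 'alice' }, HARDCODED_SECRET);

// Key taken from deserialized, untrusted input: an object, not a string.
const untrustedKey = JSON.parse('{"kind": "not-a-key"}');

// Returns the subject on success, or the error's name on failure.
function tryVerify(tok, key) {
  try { return verifyHs256(tok, key).sub; } catch (e) { return e.name; }
}
```

`tryVerify(token, HARDCODED_SECRET)` returns the subject, while `tryVerify(token, untrustedKey)` stops at the guard with a `TypeError` before any key handling runs.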
Hoaxcalls Botnet Exploits Symantec Secure Web Gateways - The fast-moving botnet has added an exploit for an unpatched bug in an unsupported version of the ... more: https://threatpost.com/hoaxcalls-botnet-symantec-secure-web-gateways/155806/ #symantecsecurewebgateway #vulnerabilities #paloaltounit42 #vulnerability #websecurity #end-of-life #propagation #hoaxcalls #unpatched #malware #exploit #botnet #mirai