Vulnerability Details CVE-2019-1010161
perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2019-1010161
-
cpe:2.3:a:perl-crypt-jwt_project:perl-crypt-jwt:-
-
cpe:2.3:a:perl-crypt-jwt_project:perl-crypt-jwt:0.012
-
cpe:2.3:a:perl-crypt-jwt_project:perl-crypt-jwt:0.013
-
cpe:2.3:a:perl-crypt-jwt_project:perl-crypt-jwt:0.014
-
cpe:2.3:a:perl-crypt-jwt_project:perl-crypt-jwt:0.015
-
cpe:2.3:a:perl-crypt-jwt_project:perl-crypt-jwt:0.016
-
cpe:2.3:a:perl-crypt-jwt_project:perl-crypt-jwt:0.017
-
cpe:2.3:a:perl-crypt-jwt_project:perl-crypt-jwt:0.018
-
cpe:2.3:a:perl-crypt-jwt_project:perl-crypt-jwt:0.019
-
cpe:2.3:a:perl-crypt-jwt_project:perl-crypt-jwt:0.020
-
cpe:2.3:a:perl-crypt-jwt_project:perl-crypt-jwt:0.021
-
cpe:2.3:a:perl-crypt-jwt_project:perl-crypt-jwt:0.022