modules: | |
- module: github.com/biscuit-auth/biscuit-go | |
vulnerable_at: 1.0.0 | |
packages: | |
- package: github.com/biscuit-auth/biscuit-go | |
description: | | |
An attacker can forge Biscuit v1 tokens with any access level. | |
There is no known workaround for Biscuit v1. The Biscuit v2 specification | |
avoids this vulnerability. | |
published: 2022-08-15T18:02:15Z | |
cves: | |
- CVE-2022-31053 | |
ghsas: | |
- GHSA-75rw-34q6-72cr | |
references: | |
- advisory: https://github.com/advisories/GHSA-75rw-34q6-72cr |