| id: GO-2022-0564 |
| modules: |
| - module: github.com/biscuit-auth/biscuit-go |
| vulnerable_at: 1.0.0 |
| packages: |
| - package: github.com/biscuit-auth/biscuit-go |
| summary: Signature forgery in github.com/biscuit-auth/biscuit-go |
| description: |- |
| An attacker can forge Biscuit v1 tokens with any access level. |
| |
| There is no known workaround for Biscuit v1. The Biscuit v2 specification avoids |
| this vulnerability. |
| published: 2022-08-15T18:02:15Z |
| cves: |
| - CVE-2022-31053 |
| ghsas: |
| - GHSA-75rw-34q6-72cr |
| references: |
| - advisory: https://github.com/advisories/GHSA-75rw-34q6-72cr |
| review_status: REVIEWED |