blob: 42b1b81daec627bc5c72e8f173c502f312a09fae [file] [log] [blame]
id: GO-2022-0564
modules:
- module: github.com/biscuit-auth/biscuit-go
vulnerable_at: 1.0.0
packages:
- package: github.com/biscuit-auth/biscuit-go
summary: Signature forgery in github.com/biscuit-auth/biscuit-go
description: |-
An attacker can forge Biscuit v1 tokens with any access level.
There is no known workaround for Biscuit v1. The Biscuit v2 specification avoids
this vulnerability.
published: 2022-08-15T18:02:15Z
cves:
- CVE-2022-31053
ghsas:
- GHSA-75rw-34q6-72cr
references:
- advisory: https://github.com/advisories/GHSA-75rw-34q6-72cr
review_status: REVIEWED