data/reports/GO-2022-0564.yaml - vulndb - Git at Google

 id: GO-2022-0564
 modules:
     - module: github.com/biscuit-auth/biscuit-go
       vulnerable_at: 1.0.0
       packages:
         - package: github.com/biscuit-auth/biscuit-go
 summary: Signature forgery in github.com/biscuit-auth/biscuit-go
 description: |-
     An attacker can forge Biscuit v1 tokens with any access level.

     There is no known workaround for Biscuit v1. The Biscuit v2 specification avoids
     this vulnerability.
 published: 2022-08-15T18:02:15Z
 cves:
     - CVE-2022-31053
 ghsas:
     - GHSA-75rw-34q6-72cr
 references:
     - advisory: https://github.com/advisories/GHSA-75rw-34q6-72cr
 review_status: REVIEWED
	id: GO-2022-0564
	modules:
	- module: github.com/biscuit-auth/biscuit-go
	vulnerable_at: 1.0.0
	packages:
	- package: github.com/biscuit-auth/biscuit-go
	summary: Signature forgery in github.com/biscuit-auth/biscuit-go
	description: \|-
	An attacker can forge Biscuit v1 tokens with any access level.

	There is no known workaround for Biscuit v1. The Biscuit v2 specification avoids
	this vulnerability.
	published: 2022-08-15T18:02:15Z
	cves:
	- CVE-2022-31053
	ghsas:
	- GHSA-75rw-34q6-72cr
	references:
	- advisory: https://github.com/advisories/GHSA-75rw-34q6-72cr
	review_status: REVIEWED