JWT kid Parameter Out of Band Command Injection

Severity:

Critical

Summary

Invicti detected an Out of Band Command Injection vulnerability inside the kid parameter of a JSON Web Token. It was detected by capturing a DNS A request, which occurs when input data is interpreted as an operating system command.

Use an allow-list of valid values and disallow any other input.

Impact

Remediation

Required Skills for Successful Exploitation

Actions To Take

Classifications

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Related Vulnerabilities

Zeptojs Identified

Trac Software Project Management Tool Identified

Server-Side Template Injection (Java FreeMarker)

MathJs Identified

Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive

JWT kid Parameter Out of Band Command Injection

Vulnerability Index

Select Category

Select Vulnerability

Featured resources

Build your resistance to threats. And save hundreds of hours each month.