Home / Vulnerabilities / Critical / JWT kid Parameter Out of Band Command Injection

JWT kid Parameter Out of Band Command Injection

Severity: Critical

Summary#

Invicti detected an Out of Band Command Injection vulnerability inside the kid parameter of a JSON Web Token. It was detected by capturing a DNS A request, which occurs when input data is interpreted as an operating system command.

Use an allow-list of valid values and disallow any other input.

Classifications#

OWASP 2013-A1, OWASP 2017-A1, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, CAPEC-88, CWE-78, WASC-31, ISO27001-A.14.2.5, PCI v3.2-6.5.1

Select Category

Critical
High
Medium
Low
Best Practice
Information

Search Vulnerability

Related Vulnerabilities

JSON Web Token attacks and vulnerabilities
DNS cache poisoning
Pros and Cons of DNS Over HTTPS
SQL injection cheat sheet

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works

Related Articles

Build your resistance to threats. And save hundreds of hours each month.