{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T20:52:05.638","vulnerabilities":[{"cve":{"id":"CVE-2018-1000531","sourceIdentifier":"cve@mitre.org","published":"2018-06-26T16:29:01.807","lastModified":"2024-11-21T03:40:08.047","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"inversoft prime-jwt versions prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contain a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT token. This attack can be exploited when an attacker crafts a JWT token with a valid header using 'none' as the algorithm and a body, and requests that it be validated. This vulnerability was fixed after commit abb0d479389a2509f939452a6767dc424bb5e6ba."},{"lang":"es","value":"inversoft prime-jwt en versiones anteriores al commit con ID abb0d479389a2509f939452a6767dc424bb5e6ba contiene una vulnerabilidad CWE-20 en JWTDecoder.decode que puede resultar en la omisión de la validación de firmas JWT. El ataque parece ser explotable mediante un atacante que manipule un token JWT con una cabecera válida que emplee \"none\" como algoritmo y un cuerpo para que pida que se valide. \nLa vulnerabilidad parece haber sido solucionada tras el commit con ID abb0d479389a2509f939452a6767dc424bb5e6ba."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:inversoft:prime-jwt:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3.0","matchCriteriaId":"250F4EFB-97B6-4AAE-B02C-41F9E9D3EA0D"}]}]}],"references":[{"url":"https://github.com/inversoft/prime-jwt/issues/3","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/inversoft/prime-jwt/issues/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}