{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T07:25:07.556","vulnerabilities":[{"cve":{"id":"CVE-2021-29455","sourceIdentifier":"security-advisories@github.com","published":"2021-04-19T19:15:17.827","lastModified":"2024-11-21T06:01:08.167","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Grassroot Platform is an application to make it faster, cheaper and easier to persistently organize and mobilize people in low-income communities. Grassroot Platform before master deployment as of 2021-04-16 did not properly verify the signature of JSON Web Tokens when refreshing an existing JWT. This allows to forge a valid JWT. The problem has been patched in version 1.3.1 by deprecating the JWT refresh function, which was an overdue deprecation regardless (the \"refresh\" flow is no longer used)."},{"lang":"es","value":"Grassroot Platform es una aplicación que hace que sea más rápido, más barato y más fácil organizar y movilizar persistentemente a las personas en comunidades de bajos ingresos. Grassroot Platform versiones anteriores a la implementación maestra a partir del 16-04-2021, no comprobaba apropiadamente la firma de JSON Web Tokens al actualizar un JWT existente. Esto permite falsificar un JWT válido. El problema ha sido parcheado en versión 1.3.1, al desaprobar la función de actualización de JWT, que era una desaprobación vencida independientemente (el flujo de \"refresh\" ya no es usado)"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grassroot:grassroot_platform:*:*:*:*:*:*:*:*","versionEndExcluding":"1.3.1","matchCriteriaId":"945F532A-7668-4C8E-9599-240FCEC2862B"}]}]}],"references":[{"url":"https://github.com/grassrootza/grassroot-platform/","source":"security-advisories@github.com","tags":["Product","Third Party Advisory"]},{"url":"https://github.com/grassrootza/grassroot-platform/commit/a2e6e885f8183a066d938cf909fd813a7af7d67f","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/grassrootza/grassroot-platform/security/advisories/GHSA-f65w-6xw8-6734","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/grassrootza/grassroot-platform/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product","Third Party Advisory"]},{"url":"https://github.com/grassrootza/grassroot-platform/commit/a2e6e885f8183a066d938cf909fd813a7af7d67f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/grassrootza/grassroot-platform/security/advisories/GHSA-f65w-6xw8-6734","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}