JWT kid Parameter Out of Band Command Injection

Severity:

Critical

Summary

Invicti detected an Out of Band Command Injection vulnerability inside the kid parameter of a JSON Web Token. It was detected by capturing a DNS A request, which occurs when input data is interpreted as an operating system command.

Use an allow-list of valid values and disallow any other input.

Impact

Remediation

Required Skills for Successful Exploitation

Actions To Take

Classifications

CAPEC-88

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Related Vulnerabilities

CrushFTP Server Detected

Joomla Detected

Ampache Detected

TinyMCE Identified

React Identified

JWT kid Parameter Out of Band Command Injection

Vulnerability Index

Select Category

Select Vulnerability

Select Vulnerability

Featured resources

Build your resistance to threats. And save hundreds of hours each month.