JWT kid Parameter Out of Band Command Injection

Severity: Critical
Summary

Invicti detected an Out of Band Command Injection vulnerability inside the kid parameter of a JSON Web Token. The vulnerability was detected by capturing a DNS A request made by the target, which occurs when the input data is interpreted as an operating system command.

  • Use an allow-list of valid values and disallow any other input.
  • OR
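The allow-list remediation above, as an added example that is not part of the Invicti page or its product: the kid header is only ever used as a dictionary key into a fixed key store, so an unknown or malformed value fails the lookup and never reaches a shell, a file path or a query. The key store contents, the HS256 choice, and the helper names (resolve_key, verify_hs256, sign_hs256, check) are assumptions made for this demonstration.

```python
"""Allow-list handling of the JWT ``kid`` header (added example, HS256 only).

Assumptions, not from the Invicti page: keys live in an in-process dict,
tokens use HS256, and all helper names below are hypothetical.
"""
import base64
import hashlib
import hmac
import json
import re

# Constructed sample key store. The dict keyed by kid *is* the allow-list:
# an unknown kid fails the lookup and is never used to build a command,
# a file path, or a database query.
KEYS = {
    "key-2024-01": b"constructed-secret-one",
    "key-2024-02": b"constructed-secret-two",
}

# Defence in depth: reject anything that is not a short token of safe
# characters before the lookup, so a malformed kid never reaches logs or
# downstream code unchecked.
KID_PATTERN = re.compile(r"[A-Za-z0-9_-]{1,64}")


class InvalidToken(ValueError):
    """Raised for any structural, kid, alg or signature problem."""


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))


def resolve_key(header: dict) -> bytes:
    """Map the header's kid to key material via the allow-list, or fail."""
    kid = header.get("kid")
    if not isinstance(kid, str) or not KID_PATTERN.fullmatch(kid):
        raise InvalidToken("kid missing or malformed")
    try:
        return KEYS[kid]
    except KeyError:
        raise InvalidToken("unknown kid") from None


def verify_hs256(token: str) -> dict:
    """Return the payload if the token is well-formed and its HS256
    signature verifies under the key named by an allow-listed kid."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("expected three dot-separated segments")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # covers binascii.Error and JSON/Unicode errors
        raise InvalidToken("header or signature is not valid base64url/JSON") from None
    if not isinstance(header, dict):
        raise InvalidToken("header is not a JSON object")
    # Pin the algorithm: the verifier decides which algorithm is acceptable,
    # not the token.
    if header.get("alg") != "HS256":
        raise InvalidToken("unsupported alg")
    secret = resolve_key(header)
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise InvalidToken("bad signature")
    return json.loads(b64url_decode(payload_b64))


def sign_hs256(kid: str, payload: dict, secret: bytes) -> str:
    """Constructed helper that mints sample tokens for the demonstration."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    header_b64 = b64url_encode(json.dumps(header).encode("utf-8"))
    payload_b64 = b64url_encode(json.dumps(payload).encode("utf-8"))
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{b64url_encode(sig)}"


def check(token: str) -> str:
    """Classify a token: 'ok' or the reason it was rejected."""
    try:
        verify_hs256(token)
        return "ok"
    except InvalidToken as exc:
        return str(exc)


if __name__ == "__main__":
    good = sign_hs256("key-2024-01", {"sub": "alice"}, KEYS["key-2024-01"])
    print(check(good))                                   # ok
    # A kid with a space and a semicolon fails the pattern before any lookup.
    odd = sign_hs256("key-2024-01; x", {"sub": "alice"}, KEYS["key-2024-01"])
    print(check(odd))                                    # kid missing or malformed
    print(check(sign_hs256("key-9999", {}, KEYS["key-2024-01"])))  # unknown kid
```

The order of checks matters for the finding on this page: the kid is validated and resolved through the allow-list before any cryptographic work, and the only operation performed with the untrusted value is a dictionary lookup.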
