JWT kid Parameter Out of Band Command Injection

Severity: Critical

Invicti detected an Out of Band Command Injection vulnerability inside the kid parameter of a JSON Web Token. It was detected by capturing a DNS A request, which occurs when input data is interpreted as an operating system command.

  • Use an allow-list of valid values and disallow any other input.
  • OR

    Search Vulnerability

    Build your resistance to threats. And save hundreds of hours each month.

    Get a demo See how it works