Vulnerability Report: GO-2022-0564
- CVE-2022-31053, GHSA-75rw-34q6-72cr
- Affects: github.com/biscuit-auth/biscuit-go
- Published: Aug 15, 2022
- Modified: Jun 12, 2023
An attacker can forge Biscuit v1 tokens with any access level. There is no known workaround for Biscuit v1. The Biscuit v2 specification avoids this vulnerability.
For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-75rw-34q6-72cr.
Affected Packages
-
PathVersionsSymbols
-
all versions, no known fixedall symbols
Aliases
References
Feedback
See anything missing or incorrect?
Suggest an edit to this report.