CVE-2021-29451

Summary

Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.

Affected Software

VendorProductVersion RangeStatus
ManyDesignsPortofino>= 5.0.0, < 5.2.1affected

Weaknesses

  • CWE-347: {"CWE-347":"Improper Verification of Cryptographic Signature"}

ADP Enrichment

CVE Program Container

Additional References

References