CVE-2021-29500

Summary

bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows to forgery of valid JWTs.

Affected Software

VendorProductVersion RangeStatus
fxbinbubble-fireworks< 2021.BUILD-SNAPSHOTaffected

Weaknesses

  • CWE-347: CWE-347: Improper Verification of Cryptographic Signature

ADP Enrichment

CVE Program Container

Additional References

References