CVE-2021-29451: Improper Verification of Cryptographic Signature

April 16, 2021 (updated April 22, 2021)

Portofino is an open source web development framework. Portofino did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming release.

References

github.com/ManyDesigns/Portofino/commit/8e3199b504ebc37a5dd82fad0a8dcfb75668d335
nvd.nist.gov/vuln/detail/CVE-2021-29451

Code Behaviors & Features

Detect and mitigate CVE-2021-29451 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →