CVE-2021-29500

EUVD-2021-16096
bubble fireworks is an open source java package relating to Spring Framework. In bubble fireworks before version 2021.BUILD-SNAPSHOT there is a vulnerability in which the package did not properly verify the signature of JSON Web Tokens. This allows to forgery of valid JWTs.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
GitHub_MCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
bubble_fireworks_projectbubble_fireworks
𝑥
< 2021.build-snapshot
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/fxbin/bubble-fireworks/security/advisories/GHSA-hj36-84cp-29pr
https://github.com/fxbin/bubble-fireworks/security/advisories/GHSA-hj36-84cp-29pr