This listing is archived.

More by this author

Information

Author: Union Digital Bank
Type: Plug-in (Function & Smart Service)
Industry: All Industries
Compatible Version(s): 20.4+
First Released: 10 Nov 2020
Last Updated: 20 Oct 2022
Cost: Not Applicable
* Cost information is not applicable since this listing is archived.

JWT Functions

Overview

Allows for an additional layer of security using signed JWT. This plug-in may also be used to integrate with external systems using JWS.

Key Functionality and Features

jwtsign - Create a signed JWT using HS256, HS384, HS512, ES256, ES384, ES512, RS256, RS384, or RS512
jwtverify - Verify signed JWT
jwtgeneratesecretkey - Generate an Hmac-SHA key that can be used to sign a JWT using HS* algorithm
jwtdecode - Decode a JWT without verifying the signature

Uses JWTKs JJWT library: https://github.com/jwtk/jjwt

Parents

chandhinir0002 over 1 year ago

Hi,

We are facing some vulnerability issue while scanning this plugin. Kindly help to check.

Issue:

jackson-databind before 2.13.0 allows a stack overflow exception and denial of service via a large depth of nested objects.

Thanks in advance!
- Cancel
- Up 0 Down
- Reply
- More
- Cancel

Comment

chandhinir0002 over 1 year ago

Hi,

We are facing some vulnerability issue while scanning this plugin. Kindly help to check.

Issue:

jackson-databind before 2.13.0 allows a stack overflow exception and denial of service via a large depth of nested objects.

Thanks in advance!
- Cancel
- Up 0 Down
- Reply
- More
- Cancel

Children

jraaquino over 1 year ago in reply to chandhinir0002

Thanks for the feedback, I'll look into updating the library version
- Cancel
- Up 0 Down
- Reply
- More
- Cancel