Improper Authentication in lua-resty-jwt - CVE-2024-33531
Published: September 19, 2024 / Updated: April 28, 2026
lua-resty-jwt
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an error when processing authentication requests. A remote attacker can bypass the authentication process and gain unauthorized access to the application by sending a specially crafted JWT with an enc header with the value A256GCM.
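As a defensive illustration of the condition described above, the following added example (not code from lua-resty-jwt or from this advisory) shows a pre-verification guard that refuses any token carrying an enc header before it reaches the JWT library. It assumes the service only issues signed tokens; the function names and the algorithm allowlist are hypothetical, and the sample tokens are constructed with dummy payloads and signatures.

```python
import base64
import binascii
import json

# Assumption for this example: the service only ever issues signed (JWS) tokens.
ALLOWED_ALGS = {"HS256", "RS256"}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def precheck_token(token: str) -> tuple:
    """Return (ok, reason). Does NOT verify the signature; it only refuses
    token shapes that a signed-token-only service should never accept."""
    parts = token.split(".")
    if len(parts) != 3:
        return False, f"expected 3 segments (JWS), got {len(parts)}"
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except (binascii.Error, ValueError):
        return False, "header is not valid base64url JSON"
    if not isinstance(header, dict):
        return False, "header is not a JSON object"
    if "enc" in header:
        # An enc header marks an encrypted (JWE) token, e.g. enc=A256GCM.
        return False, f"JWE header present (enc={header['enc']!r})"
    if header.get("alg") not in ALLOWED_ALGS:
        return False, f"alg {header.get('alg')!r} not in allowlist"
    if not parts[2]:
        return False, "empty signature segment"
    return True, "ok"


def make_sample(header: dict, segments: int = 3) -> str:
    """Build a constructed sample token (dummy payload and signature)."""
    def b64(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    rest = [b64(b'{"sub":"demo"}')] + [b64(b"sig")] * (segments - 2)
    return ".".join([b64(json.dumps(header).encode())] + rest)


if __name__ == "__main__":
    samples = [({"alg": "HS256"}, 3),
               ({"alg": "HS256", "enc": "A256GCM"}, 3),
               ({"alg": "HS256", "enc": "A256GCM"}, 5)]
    for hdr, n in samples:
        print(hdr, n, precheck_token(make_sample(hdr, n)))
```

A token that passes this guard still has to go through full signature verification; the guard only narrows what the verifier is ever asked to parse.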