Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Grassroot Subscribe
Filtered by product Grassroot Platform
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-29455 1 Grassroot 1 Grassroot Platform 2021-04-28 5.0 MEDIUM 5.3 MEDIUM
Grassroot Platform is an application to make it faster, cheaper and easier to persistently organize and mobilize people in low-income communities. Grassroot Platform before master deployment as of 2021-04-16 did not properly verify the signature of JSON Web Tokens when refreshing an existing JWT. This allows to forge a valid JWT. The problem has been patched in version 1.3.1 by deprecating the JWT refresh function, which was an overdue deprecation regardless (the "refresh" flow is no longer used).