Documentation Index
Fetch the complete documentation index at: https://docs.codeant.ai/llms.txt
Use this file to discover all available pages before exploring further.
java-jwt-decode-without-verify
java-jwt-decode-without-verify
Detected the decoding of a JWT token without a verify step. JWT tokens must be verified before use, otherwise the token’s integrity is unknown. This means a malicious actor could forge a JWT token with any claims. Call ‘.verify()’ before using the token.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-345: Insufficient Verification of Data Authenticity
OWASP:
- A08:2021 - Software and Data Integrity Failures
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-345: Insufficient Verification of Data Authenticity
OWASP:
- A08:2021 - Software and Data Integrity Failures