by @mhzcyber
12 Jan 2023

JWT Arbitrary Command Execution - CVE-2022-23529

CVEs

9.8 Critical Severity

Apps

*.*
7.1.9.*
7.1.8.*
7.1.7.*
7.1.10.*
8.2.0.*
8.1.0.*
8.3.0.*
8.4.0.*
5.4.0.*

Summary

I'm trying to analyze JsonWebToken CVE-2022-23529 and see if there is a possibility or how I may proceed to find a way to achieve full RCE; however, after the analysis, I'm not sure if this is possible.
