Skip to content

jmiettinen/CVE-2022-21449-vuln-test

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.mvn/wrapper
.mvn/wrapper
 
 
src/main
src/main
 
 
.gitignore
.gitignore
 
 
mvnw
mvnw
 
 
mvnw.cmd
mvnw.cmd
 
 
pom.xml
pom.xml
 
 
readme.md
readme.md
 
 

Repository files navigation

CVE-2022-21449 Vulnerability tester

Introduction

There's a new CVE-2022-21449 that had bug in ECDSA signature verification. It's one of the algorithms used with JWT for example. Citing the blog post

If you have deployed Java 15, Java 16, Java 17, or Java 18 in production then you should stop what you are doing and immediately update to install the fixes in the April 2022 Critical Patch Update.

Running

./gradlew package && java -jar target/vulntest.jar

Will state VULNERABLE in case the JVM you used to run it is vulnerable to the signature verification bug and not vulnerable otherwise. Your JVM vendor and version will also be printed just to be sure that

About

CVE-2022-21449 Vulnerability tester

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages