← Back to CVE List

CVE-2021-29455

Published: 2021-04-19T19:15Z
Last Modified: 2024-11-21T06:01Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Grassroot Platform is an application to make it faster, cheaper and easier to persistently organize and mobilize people in low-income communities. Grassroot Platform before master deployment as of 2021-04-16 did not properly verify the signature of JSON Web Tokens when refreshing an existing JWT. This allows to forge a valid JWT. The problem has been patched in version 1.3.1 by deprecating the JWT refresh function, which was an overdue deprecation regardless (the "refresh" flow is no longer used). > MITRE Terms of Use apply – see LICENSE‑MITRE.txt