TXOne Networks

CVE-2023-34429

Last Updated: April 8, 2024

CVE ID: CVE-2023-34429

Title: Weintek Weincloud Improper Handling of Structural Elements Vulnerability

Publication Date: 2023-07-18

Severity: High

Affected Products

Vendor: Weintek

Product: Weincloud Account API

Vulnerable Versions: Version 0.13.6 and prior

Vulnerability Description

The affected product could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token.

The vulnerability is classed as improper handling of structural elements and concerns the JWT (JSON Web Token) authentication mechanism of the Weincloud Account API.
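The advisory does not disclose the root cause, so the following is an added defensive sketch, not Weintek or TXOne code: a structural gate that rejects malformed JWTs with a plain `None` instead of letting a parsing exception reach the request handler. The function names and the `MAX_TOKEN_LEN` cap are assumptions made for this example.

```python
import base64
import binascii
import json

MAX_TOKEN_LEN = 8192  # assumed size cap, not a value from the advisory
B64URL = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_")


def b64url_decode(segment):
    """Decode an unpadded base64url segment; return None on any defect."""
    if not segment or not set(segment) <= B64URL:
        return None
    try:
        return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    except (binascii.Error, ValueError):
        return None


def json_object(raw):
    """Parse bytes as a JSON object; return None for anything else."""
    try:
        value = json.loads(raw.decode("utf-8"))
    except (ValueError, RecursionError):  # bad UTF-8, bad JSON, extreme nesting
        return None
    return value if isinstance(value, dict) else None


def check_jwt_structure(token):
    """Return (header, payload, signature) or None if the token is malformed.

    Structural gate only: the signature must still be verified afterwards.
    """
    if not isinstance(token, str) or len(token) > MAX_TOKEN_LEN:
        return None
    parts = token.split(".")
    if len(parts) != 3:
        return None
    decoded = [b64url_decode(p) for p in parts]
    if any(d is None for d in decoded):
        return None
    header, payload = json_object(decoded[0]), json_object(decoded[1])
    if header is None or payload is None:
        return None
    if not isinstance(header.get("alg"), str):
        return None
    return header, payload, decoded[2]


def encode_segment(obj):
    """Build a base64url segment from a JSON value (for constructed samples)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
```

A caller maps `None` to an HTTP 401 and passes only structurally valid tokens on to signature verification.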

Remediation

Fixed Version: v0.13.8

Users of affected Weincloud Account API versions should upgrade to version 0.13.8 or later to resolve this vulnerability.

Credit

Hank Chen of TXOne Networks

Questions About This Advisory?

Our PSIRT team is here to help with security-related inquiries.

psirt@txone.com