{"id":"CVE-2019-1010161","details":"perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. The impact is: bypass authentication. The component is: JWT.pm for JWT security token, line 614 in _decode_jws(). The attack vector is: network connectivity(crafting user-controlled input to bypass authentication). The fixed version is: 0.023.","modified":"2026-03-14T09:31:35.654605Z","published":"2019-07-25T14:15:11.453Z","references":[{"type":"ADVISORY","url":"https://github.com/DCIT/perl-Crypt-JWT/issues/3#issuecomment-417947483"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/dcit/perl-crypt-jwt","events":[{"introduced":"0"},{"last_affected":"3f09a47887e25c5056a4e434d7558d4542bf049b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.022"}]}}],"versions":["v0.012","v0.013","v0.014","v0.015","v0.016","v0.017","v0.018","v0.019","v0.020","v0.021","v0.022"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1010161.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}