Biscuit-Auth Biscuit vulnerabilities

CVE-2024-42350 [LOW] CWE-668 CVE-2024-42350: Biscuit is an authorization token with decentralized verification, offline attenuation and strong se Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a `ThirdPartyBlock` request can be sent, providing only the necessary info to generate a

CVE-2022-31053 [CRITICAL] CWE-347 CVE-2022-31053: Biscuit is an authentication and authorization token for microservices architectures. The Biscuit sp Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The version 2 of the specification mandates a different a