VulnerableCode Package Details - pkg:maven/com.clever-cloud/biscuit-java@1.1.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/com.clever-cloud/biscuit-java@1.1.2

purl	pkg:maven/com.clever-cloud/biscuit-java@1.1.2

Next non-vulnerable version	2.0.0
Latest non-vulnerable version	2.0.0
Risk	4.5

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-b5xa-mgx4-4ubj Aliases: CVE-2022-31053 GHSA-75rw-34q6-72cr	Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The version 2 of the specification mandates a different algorithm than gamma signatures and as such is not affected by this vulnerability. The Biscuit implementations in Rust, Haskell, Go, Java and Javascript all have published versions following the v2 specification. There are no known workarounds for this issue.	2.0.0 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T18:26:24.072419+00:00	GitLab Importer	Affected by	VCID-b5xa-mgx4-4ubj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.clever-cloud/biscuit-java/CVE-2022-31053.yml	38.6.0