Advisory #56
| Title | Geyser user impersonation due to incorrect handling of the login JWT |
| CVE ID | CVE-2021-39177 |
| Vendor | GeyserMC |
| Affected product | Geyser |
| Affected versions | <= 1.4.1-SNAPSHOT |
| Vulnerability type | CWE-20: Improper Input Validation |
| Description | Geyser allows anyone who can connect to the server to forge a LoginPacket with a manipulated JWT, allowing impersonation of any user. |
| Status | Fixed in 1.4.2-SNAPSHOT |
| Recommendation | Update to 1.4.2-SNAPSHOT or above |