Add support for Java Vuln? (CVE-2022-21449)

[kingthorin]

Is your feature request related to a problem? Please describe.
It would be great if the JWT add-on could check for JWT issues related to CVE-2022-21449.

Describe the solution you'd like
Implement a scan rule/check that can detect something similar to:
https://twitter.com/christophetd/status/1516878071785467904

Sample Vulnerable Application of the JWT Null Signature Vulnerability (CVE-2022-21449)

Describe alternatives you've considered
N/A

Would you like to help fix this issue?
Not at this time.

Additional context
Nothing further.

[snowatlas]

Hi,
i'd like to work one this issue , if i understand i must verify that ECDSA signature with r!=0 and s!=0, and if r=s=0 so this the signature isn't accepted .

[preetkaran20]

Hi @snowatlas ,

Great !!!. Yes you are right. We need to inject the payloads where r and s are 0 for ECDSA.

thanks,
Karan