GitHub Advisory Database: GHSA-9GXV-X7RP-R2HC
May 15, 2024 - 9:47 p.m.

gree/jose - "None" Algorithm treated as valid in tokens

Tags: jwt, libraries, vulnerabilities, verification, asymmetric keys

AI Score: 7.3 (Confidence: Low)

Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys (RS256, RS384, RS512, ES256, ES384, ES512).
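The verifier-side check that closes the "none" case, as an added example (not code from the advisory or from gree/jose): the expected algorithm comes from the verifier's own configuration and the token header is only compared against it. It assumes HS256 from the Python standard library as a stand-in for the signature check so that it runs offline; `verify`, `make_token` and `EXPECTED_ALG` are hypothetical names.

```python
import base64, hashlib, hmac, json

# Assumption: this verifier is configured for exactly one algorithm.
EXPECTED_ALG = "HS256"

def b64url_decode(part):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def verify(token, key):
    """Return the claims or raise ValueError. The header never selects the algorithm."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("undecodable token") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # Exact match against configuration: "none", "None", "NONE" and any
    # other unexpected value are all rejected before signature handling.
    if alg != EXPECTED_ALG:
        raise ValueError("algorithm %r not allowed" % (alg,))
    if not signature:
        raise ValueError("empty signature")
    signing_input = (header_b64 + "." + payload_b64).encode()
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))

def make_token(header, claims, key=None):
    """Build constructed sample tokens; key=None leaves the signature segment empty."""
    enc = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = enc(header) + "." + enc(claims)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest() if key else b""
    return signing_input + "." + b64url_encode(sig)

if __name__ == "__main__":
    key = b"constructed-test-key"  # constructed sample value
    print(verify(make_token({"alg": "HS256"}, {"sub": "alice"}, key), key))
    try:
        verify(make_token({"alg": "none"}, {"sub": "admin"}), key)
    except ValueError as err:
        print("rejected:", err)
```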

Affected configurations

Vulners
Node: gree jose, Range 2.2.0
Vendor: gree, Product: jose, Version: *, CPE: cpe:2.3:a:gree:jose:*:*:*:*:*:*:*:*
