Lucene search

K

Express-jwt Security Vulnerabilities

cve
cve

CVE-2020-15084

In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this...

9.1CVSS

9.1AI Score

0.002EPSS

2020-06-30 04:15 PM
34