Lucene search
Jwt-simple Node Module Security Vulnerabilities
cve
Since "algorithm" isn't enforced in jwt.decode()in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key.....
6.5CVSS
6.3AI Score
0.001EPSS
2018-05-31 08:29 PM
28
2