Lucene search
+L

4 matches found

Cvelist
Cvelist
added 2026/04/06 5:2 p.m.17 views

CVE-2026-35042 fast-jwt accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

fast-jwt provides fast JSON Web Token JWT implementation. In 6.1.0 and earlier, fast-jwt does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token...

7.5CVSS0.00155EPSS
Exploits1References2
OSV
OSV
added 2026/04/06 5:2 p.m.2 views

CVE-2026-35042 fast-jwt accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

fast-jwt provides fast JSON Web Token JWT implementation. In 6.1.0 and earlier, fast-jwt does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token...

7.5CVSS5.9AI score0.00155EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2026/04/03 10:1 p.m.8 views

@jsprismarine/client (>=0.12.2-unstable-20250320195345 <=0.13.1-unstable-20250503082416), @jsprismarine/prismarine (>=0.12.2-unstable-20250320195345 <=0.13.1-unstable-20250503082416) +1 more potentially affected by CVE-2026-35042 via fast-jwt (>=6.0.0 <=6.0.1)

fast-jwt NPM version =6.0.0, =0.12.2-unstable-20250320195345, =0.12.2-unstable-20250320195345, =0.12.2-unstable-20250320195345, =0.13.1-unstable-20250503082416 Source cves: CVE-2026-35042 Source advisory: SNYK:JS-FASTJWT-15907854...

7.5CVSS5.4AI score0.00155EPSS
Exploits1
Circl
Circl
added 2026/04/02 8:54 a.m.5 views

CVE-2026-35042

creationtimestamp| type| source ---|---|--- 2026-04-02 08:54:15+00:00| published-proof-of-concept| https://github.com/nearform/fast-jwt/security/advisories/GHSA-hm7r-c7qw-ghp6 2026-04-06 17:19:10+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mitripteju2x 2026-04-06...

7.5CVSS5.7AI score0.00155EPSS
Exploits1References4
Rows per page
Query Builder