EUVD-2024-1390

Malicious code in bioql PyPI...

@adyen/adyen-salesforce-pwa (>=1.0.0 <=1.2.0), @argodigital/formula-request (>=1.0.0 <=1.1.1) +135 more potentially affected by CVE-2024-34273 via njwt (>=0.0.1 <=2.0.0)

njwt NPM version =0.0.1, =1.0.0, =1.0.0, =0.10.1, =0.1.1, =0.1.0, =0.1.0, =0.2.0, =1.0.0, =1.1.0, =0.0.1, =1.0.0, =1.1.25 - @harrymoore/jwt-proxy =1.0.0 - @iarna/atest =1.1.0 and more Source cves: CVE-2024-34273 Source advisory: OSV:GHSA-3HVJ-2783-34X2...

CVE-2024-34273

njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method...

CVE-2024-34273

njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method...

njwt 安全漏洞

njwt is the cleanest JSON Web Token JWT library for Node.js developers. A security vulnerability exists in njwt version v0.4.0 and earlier, which stems from the inclusion of a prototype contamination vulnerability found in the Parser.prototype.parse method...

@funcmatic/token-verifier (=1.3.0-alpha), @gaincompliance/hapi-auth-stormpath (>=1.0.0 <=1.1.25) +69 more potentially affected by unknown CVE via njwt (>=0.0.1 <=0.4.1)

njwt NPM version =0.0.1, =1.0.0, =0.0.2, =1.1.35, =1.0.21, =1.0.0, =2.0.0, =1.0.0, =1.0.0, =1.0.0-rc1, =0.0.1, =0.0.3, =0.7.0, =1.0.0, =1.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-G3QW-9PGP-XPJ4...