fast-jwt 安全漏洞

fast-jwt is a JSON Web Token implementation open-sourced by Nearform. Versions of fast-jwt prior to 6.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the incorrect creation of unique keys using the custom cacheKeyBuilder method, which could lead to cache conflicts and...

CVE-2025-30144 Fast-JWT Improperly Validates iss Claims

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 5.0.6, the fast-jwt library does not properly validate the iss claim based on the RFC 7519. The iss issuer claim validation within the fast-jwt library permits an array of strings as a valid iss value. This design flaw enables a...