2 matches found
CVE-2025-65945 auth0/node-jws improper HMAC signature verification vulnerability
auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...
Improper Verification of Cryptographic Signature
Overview jws is an Implementation of JSON Web Signatures Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the createVerify function when using HS256 HMAC algorithms and incorporating user-provided data from the JSON Web Signature Protected...