6 matches found

CNNVD
added 2026/04/06 12:0 a.m. · 4 views

fast-jwt Security Vulnerability

fast-jwt is a JSON Web Token implementation open-sourced by Nearform. Versions of fast-jwt prior to 6.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the incorrect creation of unique keys using the custom cacheKeyBuilder method, which could lead to cache conflicts and...

9.1 CVSS · 5.8 AI score · 0.00019 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-1244

Malware in sbrugna...

9.1 CVSS · 8.6 AI score · 0.00388 EPSS
Exploits 1 · References 4
Vulnrichment
added 2025/03/19 3:41 p.m. · 10 views

CVE-2025-30144 Fast-JWT Improperly Validates iss Claims

fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to 5.0.6, the fast-jwt library does not properly validate the iss claim based on the RFC 7519. The iss (issuer) claim validation within the fast-jwt library permits an array of strings as a valid iss value. This design flaw enables a...

6.5 CVSS · 6.2 AI score · 0.02087 EPSS
Exploits 0 · References 3
IBM Security Bulletins
added 2025/03/10 7:3 a.m. · 14 views

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilities in Nimbus-JOSE-JWT

Summary A vulnerability has been identified in Nimbus-JOSE-JWT-7.9, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: Connect2id...

7.5 CVSS · 8 AI score · 0.00105 EPSS
Exploits 0 · Affected Software 1
OPENSUSE Linux
added 2025/01/07 12:0 a.m. · 8 views

Security update for rubygem-json-jwt (moderate)

openSUSE Security Update: Security update for rubygem-json-jwt Announcement ID: openSUSE-SU-2025:0004-1 Rating: moderate References: 1156649 1220727 Cross-References: CVE-2019-18848 CVE-2023-51774 Affected Products: openSUSE Backports SLE-15-SP5 An update that fixes two vulnerabilities is now...

8.4 CVSS · 6.8 AI score · 0.00207 EPSS
Exploits 1 · References 2
Positive Technologies
added 2022/09/21 12:0 a.m. · 3 views

PT-2022-20464 · Osv · Osv

Name of the Vulnerable Software and Affected Versions: OSV affected versions not specified Description: The issue concerns the JWT code's ability to auto-detect token types, potentially leading to incorrect conclusions about token trustworthiness. Under certain circumstances, an attacker can...

6.3 AI score
Exploits 0 · References 9