16 matches found
EUVD-2024-1390
Malicious code in bioql PyPI...
CVE-2024-34273
njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method...
@adyen/adyen-salesforce-pwa (>=1.0.0 <=1.2.0), @argodigital/formula-request (>=1.0.0 <=1.1.1) +135 more potentially affected by CVE-2024-34273 via njwt (>=0.0.1 <=2.0.0)
njwt NPM version =0.0.1, =1.0.0, =1.0.0, =0.10.1, =0.1.1, =0.1.0, =0.1.0, =0.2.0, =1.0.0, =1.1.0, =0.0.1, =1.0.0, =1.1.25 - @harrymoore/jwt-proxy =1.0.0 - @iarna/atest =1.1.0 and more Source cves: CVE-2024-34273 Source advisory: OSV:GHSA-3HVJ-2783-34X2...
njwt Prototype Pollution vulnerability
njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method...
CVE-2024-34273
CVE-2024-34273 affects njwt up to v0.4.0, with a prototype pollution flaw in Parser.prototype.parse. Public records consistently identify the issue as this library’s Parser.parse pollution vector, not a general exploit chain. CVSS metrics document Network access, high complexity, and no privilege...
njwt security vulnerability
njwt is the cleanest JSON Web Token (JWT) library for Node.js developers. A security vulnerability exists in njwt versions v0.4.0 and earlier, which stems from a prototype pollution vulnerability in the Parser.prototype.parse method...
PT-2024-25776 · Njwt · Njwt
Name of the Vulnerable Software and Affected Versions: njwt versions up to 0.4.0 Description: The issue is related to a prototype pollution in the Parser.prototype.parse method. This method is part of the njwt library, which suggests the pollution occurs during the parsing process, potentially...
@funcmatic/token-verifier (=1.3.0-alpha), @gaincompliance/hapi-auth-stormpath (>=1.0.0 <=1.1.25) +69 more potentially affected by unknown CVE via njwt (>=0.0.1 <=0.4.1)
njwt NPM version =0.0.1, =1.0.0, =0.0.2, =1.1.35, =1.0.21, =1.0.0, =2.0.0, =1.0.0, =1.0.0, =1.0.0-rc1, =0.0.1, =0.0.3, =0.7.0, =1.0.0, =1.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-G3QW-9PGP-XPJ4...
GHSA-G3QW-9PGP-XPJ4 Out-of-bounds Read in njwt
Versions of njwt prior to 1.0.0 are vulnerable to out-of-bounds reads when a number is passed into the base64urlEncode function. On Node.js 6.x or lower this can expose sensitive information and on any other version of Node.js this creates a Denial of Service vulnerability. Recommendation Upgrade...
Out-of-bounds Read in njwt
Versions of njwt prior to 1.0.0 are vulnerable to out-of-bounds reads when a number is passed into the base64urlEncode function. On Node.js 6.x or lower this can expose sensitive information and on any other version of Node.js this creates a Denial of Service vulnerability. Recommendation Upgrade...
Out-of-bounds Read
Overview Versions of njwt prior to 1.0.0 are vulnerable to out-of-bounds reads when a number is passed into the base64urlEncode function. On Node.js 6.x or lower this can expose sensitive information and on any other version of Node.js this creates a Denial of Service vulnerability. Recommendatio...
Uninitialized Buffer Allocation
njwt is vulnerable to uninitialized buffer allocation attacks. The library contains an uninitialized memory allocation when handling a large number, which can allow a malicious user to gain access to sensitive information or crash the application...
Node.js third-party modules: `njwt` allocates uninitialized Buffers when number is passed in base64urlEncode input
I would like to report an uninitialized Buffer allocation issue in njwt. It allows extracting sensitive data from uninitialized memory or causing a DoS by passing in a large number, in setups where typed user input can be passed e.g. from JSON. Module module name: njwt version: 0.4.0 npm page:...