16 matches found
EUVD-2024-1390
Malicious code in bioql PyPI...
CVE-2024-34273
njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method...
njwt Prototype Pollution vulnerability
njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method...
@adyen/adyen-salesforce-pwa (>=1.0.0 <=1.2.0), @argodigital/formula-request (>=1.0.0 <=1.1.1) +135 more potentially affected by CVE-2024-34273 via njwt (>=0.0.1 <=2.0.0)
njwt NPM version =0.0.1, =1.0.0, =1.0.0, =0.10.1, =0.1.1, =0.1.0, =0.1.0, =0.2.0, =1.0.0, =1.1.0, =0.0.1, =1.0.0, =1.1.25 - @harrymoore/jwt-proxy =1.0.0 - @iarna/atest =1.1.0 and more Source cves: CVE-2024-34273 Source advisory: OSV:GHSA-3HVJ-2783-34X2...
CVE-2024-34273
njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method...
CVE-2024-34273
njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method...
CVE-2024-34273
CVE-2024-34273 affects njwt up to v0.4.0, with a prototype pollution flaw in Parser.prototype.parse. Public records consistently identify the issue as this library’s Parser.parse pollution vector, not a general exploit chain. CVSS metrics document Network access, high complexity, and no privilege...
CVE-2024-34273
njwt up to v0.4.0 was discovered to contain a prototype pollution in the Parser.prototype.parse method...
PT-2024-25776 · Njwt · Njwt
Name of the Vulnerable Software and Affected Versions: njwt versions up to 0.4.0 Description: The issue is related to a prototype pollution in the Parser.prototype.parse method. This method is part of the njwt library, which suggests the pollution occurs during the parsing process, potentially...
njwt 安全漏洞
njwt is the cleanest JSON Web Token JWT library for Node.js developers. A security vulnerability exists in njwt version v0.4.0 and earlier, which stems from the inclusion of a prototype contamination vulnerability found in the Parser.prototype.parse method...
Out-of-bounds Read in njwt
Versions of njwt prior to 1.0.0 are vulnerable to out-of-bounds reads when a number is passed into the base64urlEncode function. On Node.js 6.x or lower this can expose sensitive information and on any other version of Node.js this creates a Denial of Service vulnerability. Recommendation Upgrade...
@funcmatic/token-verifier (=1.3.0-alpha), @gaincompliance/hapi-auth-stormpath (>=1.0.0 <=1.1.25) +69 more potentially affected by unknown CVE via njwt (>=0.0.1 <=0.4.1)
njwt NPM version =0.0.1, =1.0.0, =0.0.2, =1.1.35, =1.0.21, =1.0.0, =2.0.0, =1.0.0, =1.0.0, =1.0.0-rc1, =0.0.1, =0.0.3, =0.7.0, =1.0.0, =1.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-G3QW-9PGP-XPJ4...
GHSA-G3QW-9PGP-XPJ4 Out-of-bounds Read in njwt
Versions of njwt prior to 1.0.0 are vulnerable to out-of-bounds reads when a number is passed into the base64urlEncode function. On Node.js 6.x or lower this can expose sensitive information and on any other version of Node.js this creates a Denial of Service vulnerability. Recommendation Upgrade...
Out-of-bounds Read
Overview Versions of njwt prior to 1.0.0 are vulnerable to out-of-bounds reads when a number is passed into the base64urlEncode function. On Node.js 6.x or lower this can expose sensitive information and on any other version of Node.js this creates a Denial of Service vulnerability. Recommendatio...
Uninitialized Buffer Allocation
njwt is vulnerable to uninitialized buffer allocation attacks. The library contains an uninitialized memory allocation when handling a large number, which can allow a malicious user to gain access to sensitive information or crash the application...
Node.js third-party modules: `njwt` allocates uninitialized Buffers when number is passed in base64urlEncode input
I would like to report an uninitialized Buffer allocation issue in njwt. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed e.g. from JSON. Module module name: njwt version: 0.4.0 npm page:...