2 matches found
CVE-2022-23540 jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
In versions =8.5.1 of jsonwebtoken library, lack of algorithm definition in the jwt.verify function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification. Users are affected if you do not specify algorithms in the jwt.verify function. This issu...
PT-2022-16059
Name of the Vulnerable Software and Affected Versions jsonwebtoken versions =8.5.1 Description The jsonwebtoken library could be misconfigured to use legacy, insecure key types for signature verification. For example, DSA keys could be used with the RS256 algorithm. Users are affected if they use...