2 matches found
CVE-2025-30144
fast-jwt provides fast JSON Web Token JWT implementation. Prior to 5.0.6, the fast-jwt library does not properly validate the iss claim based on the RFC 7519. The iss issuer claim validation within the fast-jwt library permits an array of strings as a valid iss value. This design flaw enables a...
CVE-2025-30144
CVE-2025-30144 affects the fast-jwt library prior to 5.0.6, where iss validation incorrectly accepts an array of strings as a valid issuer. This permissive check can let an attacker forge a JWT containing an issuer array like [host, https://valid-iss], which may be accepted by verifiers (especial...