4 matches found
CVE-2022-23540
CVE-2022-23540 affects the jsonwebtoken library. In versions
CVE-2022-23539
CVE-2022-23539 affects jsonwebtoken versions ≤ 8.5.1, where misconfiguration could allow legacy insecure key types to be used for signature verification (e.g., DSA with RS256). The issue has been fixed in v9.0.0, which validates asymmetric key type/algorithm combinations. After upgrading, if you ...
CVE-2022-23541
CVE-2022-23541 affects the jsonwebtoken library (
CVE-2015-9235
CVE-2015-9235 affects the jsonwebtoken Node.js module (pre-4.2.2). The vulnerability allows bypass of token verification when a token signed with RS/ES (asymmetric) is presented but validated with a symmetric HS* algorithm due to weak validation of the JWT algorithm type. This leads to potential ...