CVSS v3.1: 5.9 Medium
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
AI Score: 7 High (confidence: Low)
EPSS: 0.001 Low (percentile: 20.5%)
fast-jwt is vulnerable to JWT algorithm confusion. The vulnerability is caused by a missing validation on the publicKeyPemMatcher constant defined in fast-jwt/src/crypto.js, which is used to match all common PEM formats for public keys. An attacker can craft a malicious JWT that declares the HS256 algorithm and is signed (HMAC-ed) using the victim application's public RSA key as the shared secret. The attack works only if the victim application verifies with a public key carrying the BEGIN RSA PUBLIC KEY header (PKCS#1 PEM rather than the more common SPKI BEGIN PUBLIC KEY header), uses the RS256 algorithm, and calls the JWT verify function without explicitly providing an algorithm. The fix commit and the v3.3.2 release are linked below; independent of the library version, explicitly pinning the allowed algorithm(s) when creating the verifier removes the precondition, so a quick audit check is to confirm every verifier is built with an explicit algorithm list and no public key is passed as an opaque string without one.
github.com/nearform/fast-jwt/blob/master/src/crypto.js#L29
github.com/nearform/fast-jwt/blob/master/src/crypto.js#L29C2-L30C63
github.com/nearform/fast-jwt/commit/15a6e92c9adb39acde41a9b11cec0cbde8ad763b
github.com/nearform/fast-jwt/releases/tag/v3.3.2
github.com/nearform/fast-jwt/security/advisories/GHSA-c2ff-88x2-x9pg