auth0 Node Jsonwebtoken Vulnerabilities

Auth0 Node-jsonwebtoken vulnerabilities.

JSON RSS CSV 🔔 Create Alert Trigger

23 December 2022

jsonwebtoken unrestricted key type could lead to legacy keys usage
CVE-2022-23539
Auth0Node-jsonwebtoken5.9MEDIUM

22 December 2022

jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
CVE-2022-23540
Auth0Node-jsonwebtoken7.6HIGH
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
CVE-2022-23541
Auth0Node-jsonwebtoken5MEDIUM