Verification Bypass in jsonwebtoken
Critical severity
GitHub Reviewed
Published Oct 9, 2018 to the GitHub Advisory Database • Updated Jan 9, 2023
Versions 4.2.1 and earlier of `jsonwebtoken` are affected by a verification bypass vulnerability. This is a result of weak validation of the JWT algorithm type, occurring when an attacker is allowed to arbitrarily specify the JWT algorithm.
Recommendation
Update to version 4.2.2 or later.
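The algorithm check the description calls weak, shown in hardened form as an added example (not jsonwebtoken's own code): a minimal HMAC-only verifier built on Node's `crypto` module, in which the application pins the accepted algorithms and the token header is only compared against that list. The function names, key and tokens are constructed for illustration.

```javascript
// Added example: HMAC-only JWT verification with a caller-pinned algorithm list.
const crypto = require('node:crypto');

const HMAC_ALGS = { HS256: 'sha256', HS384: 'sha384', HS512: 'sha512' };
const b64url = (data) => Buffer.from(data).toString('base64url');
const mac = (alg, key, input) => crypto.createHmac(HMAC_ALGS[alg], key).update(input).digest();

// Helper used to build the constructed sample tokens below.
function signToken(payload, key, alg) {
  const input = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${b64url(mac(alg, key, input))}`;
}

// allowedAlgs comes from application configuration, never from the token.
function verifyToken(token, key, allowedAlgs) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  let header;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
  } catch {
    throw new Error('malformed header');
  }
  const alg = header && header.alg;
  // The declared alg is only checked against the pinned list; it cannot widen it.
  if (typeof alg !== 'string' || !allowedAlgs.includes(alg) || !Object.hasOwn(HMAC_ALGS, alg)) {
    throw new Error(`algorithm not allowed: ${alg}`);
  }
  const expected = mac(alg, key, `${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  return JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
}

// Constructed sample: key and tokens are made up for this demonstration.
const demoKey = 'constructed-demo-key';
const pinned = ['HS256'];
console.log(verifyToken(signToken({ sub: 'alice' }, demoKey, 'HS256'), demoKey, pinned));
try {
  verifyToken(signToken({ sub: 'alice' }, demoKey, 'HS384'), demoKey, pinned);
} catch (err) {
  console.log(err.message);
}
```

In current releases of jsonwebtoken the same pinning is expressed through the `algorithms` option of `jwt.verify`.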