Описание
Out-of-bounds Read in njwt
Versions of njwt prior to 1.0.0 are vulnerable to out-of-bounds reads when a number is passed into the base64urlEncode function.
On Node.js 6.x or lower this can expose sensitive information and on any other version of Node.js this creates a Denial of Service vulnerability.
Recommendation
Upgrade to version 1.0.0.
Пакеты
Наименование
njwt
npm
Затронутые версииВерсия исправления
< 1.0.0
1.0.0
Дефекты
CWE-125
Дефекты
CWE-125