Related vulnerabilities
redhat
more than 2 years ago
A flaw was found in the jsonwebtoken package. In affected versions of the jsonwebtoken library, if a malicious actor can modify the key retrieval parameter (referring to the secretOrPublicKey argument from the readme link) of the jwt.verify() function, they can perform remote code execution (RCE).
CVSS3: 7.6
github
more than 2 years ago
jsonwebtoken has insecure input validation in jwt.verify function