Количество 3
Количество 3
CVE-2022-23529
A flaw was found in the jsonwebtoken package. In affected versions of the jsonwebtoken library, if a malicious actor can modify the key retrieval parameter (referring to the secretOrPublicKey argument from the readme link) of the jwt.verify() function, they can perform remote code execution (RCE).
CVE-2022-23529
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The issue is not a vulnerability. Notes: none.
GHSA-27h2-hvpr-p74q
jsonwebtoken has insecure input validation in jwt.verify function
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-23529 A flaw was found in the jsonwebtoken package. In affected versions of the jsonwebtoken library, if a malicious actor can modify the key retrieval parameter (referring to the secretOrPublicKey argument from the readme link) of the jwt.verify() function, they can perform remote code execution (RCE). | больше 2 лет назад | ||
 | CVE-2022-23529 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The issue is not a vulnerability. Notes: none. | больше 2 лет назад | ||
| GHSA-27h2-hvpr-p74q jsonwebtoken has insecure input validation in jwt.verify function | CVSS3: 7.6 | больше 2 лет назад |
Уязвимостей на страницу