Lucene search
PRIOn knowledge basePRION:CVE-2020-15084HistoryJun 30, 2020 - 4:15 p.m.
Authorization
2020-06-3016:15:00
PRIOn knowledge base
www.prio-n.com
4
In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply: - You are using express-jwt - You do not have algorithms configured in your express-jwt configuration. - You are using libraries such as jwks-rsa as thesecret. You can fix this by specifyingalgorithms in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0.
| CPE | Name | Operator | Version |
|---|---|---|---|
| express-jwt | le | 5.3.3 |
Related
veracode
veracode
Authorization Bypass
2020-07-01 06:06:40
cvelist
cvelist
CVE-2020-15084 Authorization bypass in express-jwt
2020-06-30 16:10:12
nvd
nvd
CVE-2020-15084
2020-06-30 16:15:15
github
github
Authorization bypass in express-jwt
2020-06-30 16:05:24
cve
cve
CVE-2020-15084
2020-06-30 16:15:15
osv
osv
CVE-2020-15084
2020-06-30 16:15:15
Authorization bypass in express-jwt
2020-06-30 16:05:24
ibm
ibm