Lucene search
Redhat.comRH:CVE-2022-23529HistoryJan 11, 2023 - 5:35 a.m.
CVE-2022-23529
2023-01-1105:35:13
redhat.com
access.redhat.com
67
A flaw was found in the jsonwebtoken package. In affected versions of the jsonwebtoken library, if a malicious actor can modify the key retrieval parameter (referring to the secretOrPublicKey argument from the readme link) of the jwt.verify() function, they can perform remote code execution (RCE).
Related
nessus
nessus
Auth0 JsonWebtoken < 9.0.0 Arbitrary File Write (deprecated)
2023-01-13 00:00:00
osv
osv
jsonwebtoken has insecure input validation in jwt.verify function
2022-12-22 03:31:28
thn
thn
hivepro
hivepro
New Vulnerability Found in the JsonWebToken Open-Source Project
2023-01-10 12:11:46
github
github
jsonwebtoken has insecure input validation in jwt.verify function
2022-12-22 03:31:28
cve
cve
CVE-2022-23529
2022-12-21 21:15:00
ibm
ibm
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to jsonwebtoken CVE-2022-23529
2023-01-31 10:30:24
githubexploit
githubexploit
Exploit for CVE-2022-23529
2023-01-16 02:35:54
Exploit for CVE-2022-23529
2023-01-16 02:35:54
veracode
veracode
Improper Input Validation
2022-12-23 05:35:31
Related for RH:CVE-2022-23529