Lucene search
Veracode Vulnerability DatabaseVERACODE:25795HistoryJul 01, 2020 - 6:06 a.m.
Authorization Bypass
2020-07-0106:06:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.002 Low
EPSS
Percentile
57.5%
express-jwt is vulnerable to authentication bypass. The algorithms entry which are to be specified in the configuration are not enforced and when they are not specified in the configuration, it can lead to authorization bypass when used with jwks-rsa.
| CPE | Name | Operator | Version |
|---|---|---|---|
| express-jwt | le | 5.3.3 | |
| express-jwt | eq | 3.3.0 | |
| express-jwt | le | 5.3.3 | |
| express-jwt | eq | 3.3.0 |
Related
cvelist
cvelist
CVE-2020-15084 Authorization bypass in express-jwt
2020-06-30 16:10:12
nvd
nvd
CVE-2020-15084
2020-06-30 16:15:15
prion
prion
Authorization
2020-06-30 16:15:00
github
github
Authorization bypass in express-jwt
2020-06-30 16:05:24
cve
cve
CVE-2020-15084
2020-06-30 16:15:15
osv
osv
CVE-2020-15084
2020-06-30 16:15:15
Authorization bypass in express-jwt
2020-06-30 16:05:24
ibm
ibm