express-jwt is vulnerable to authentication bypass. The algorithms entry which are to be specified in the configuration are not enforced and when they are not specified in the configuration, it can lead to authorization bypass when used with jwks-rsa.
CPE | Name | Operator | Version |
---|---|---|---|
express-jwt | le | 5.3.3 | |
express-jwt | eq | 3.3.0 | |
express-jwt | le | 5.3.3 | |
express-jwt | eq | 3.3.0 |