jsonwebtoken is vulnerable to signature validation bypass. When no algorithm is defined in the call to the jwt.verify() function, signature verification defaults to the none algorithm, which allows an attacker to bypass the verification mechanism.

CPE Name | Operator | Version
---|---|---
jsonwebtoken | le | 8.5.1
jsonwebtoken | le | 7.1.0
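
A sketch of the caller-side mitigation, as an added example that is not part of the original advisory and not jsonwebtoken's own code: a minimal HS256 verifier on Node's crypto module that refuses to run without an explicit algorithm allow-list and rejects a token whose header says none. The key, claims and function names are constructed for the demo; in jsonwebtoken itself the corresponding control is the algorithms option of jwt.verify().

```javascript
// Added example: simplified model of pinned-algorithm JWT verification.
// Not jsonwebtoken's source; all names, the key and the claims are constructed.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (data, key) => crypto.createHmac('sha256', key).update(data).digest();

const KEY = 'demo-secret'; // constructed demo key
function makeToken(header, payload, key) {
  const signingInput = b64url(JSON.stringify(header)) + '.' + b64url(JSON.stringify(payload));
  // An "alg": "none" token carries an empty signature segment.
  const sig = header.alg === 'HS256' ? b64url(hmac(signingInput, key)) : '';
  return signingInput + '.' + sig;
}
// Constructed sample tokens used to exercise the verifier.
const signedToken = makeToken({ alg: 'HS256', typ: 'JWT' }, { sub: 'alice' }, KEY);
const unsignedToken = makeToken({ alg: 'none', typ: 'JWT' }, { sub: 'alice' }, KEY);

// The caller pins the algorithm: the header's "alg" is only checked against
// the allow-list and never chooses how (or whether) the signature is verified.
function verifyPinned(token, key, allowedAlgs) {
  if (!Array.isArray(allowedAlgs) || allowedAlgs.length === 0) {
    throw new Error('an explicit algorithm allow-list is required');
  }
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  if (!allowedAlgs.includes(header.alg)) {
    throw new Error('algorithm not allowed: ' + header.alg);
  }
  if (header.alg !== 'HS256') throw new Error('this demo only implements HS256');
  const expected = hmac(h + '.' + p, key);
  const given = Buffer.from(s, 'base64url');
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  return JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
}

// Returns the payload on success, or the rejection reason as a string.
function check(token, allowedAlgs) {
  try { return verifyPinned(token, KEY, allowedAlgs); }
  catch (e) { return 'rejected: ' + e.message; }
}
```

Calling check() without an allow-list fails closed instead of falling back to a default, which is the behaviour the advisory's missing algorithm definition lacks.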