Veracode Vulnerability Database: VERACODE:38575
History: Dec 23, 2022 - 7:07 a.m.

Unrestricted Key Type

2022-12-23 07:07:33
sca.analysiscenter.veracode.com
Keywords: jsonwebtoken, vulnerability, bypass, signature, verification, remote attacker, misconfigured, insecure, key types, algorithm, affected, software

EPSS: 0.001 (percentile: 41.7%)

jsonwebtoken does not restrict the key types it accepts. A remote attacker can bypass signature verification if the library is misconfigured so that legacy, insecure key types are used for verification. Users are affected if the library is used with an algorithm and key type combination other than those listed as unaffected in the GitHub Security Advisory.
