fast-jwt is vulnerable to JWT Algorithm Confusion. The vulnerability is caused by a missing validation on publicKeyPemMatcher constant defined in fast-jwt/src/crypto.js which is used to match all common PEM formats for public keys. An attacker can craft a malicious JWT token utilizing the HS256 algorithm, signed with the public RSA key of the victim application. This attack works only if the victim application utilizes a public key containing the BEGIN RSA PUBLIC KEY header and uses the RS256 algorithm with the JWT verify function called without explicitly providing an…Read More