gree/jose – “None” Algorithm treated as valid in tokens
Discription

Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys (RS256, RS384, RS512, ES256, ES384,…Read More

Back to Main

Subscribe for the latest news: