Summary The json-web-token library is vulnerable to a JWT algorithm confusion attack. Details On line 86 of the 'index.js' file, the algorithm to use for verifying the signature of the JWT t ...
Continue Reading
December 15, 2023
json-web-token is vulnerable to Json Web Token (JWT) Bypass. The vulnerability is due to an insecure mechanism used while verifying the signature of a JWT. The library blindly trusts the algorithm lis ...
Continue Reading
December 15, 2023
JWT tokens signed using NKeys for Ed25519 for the NATS...Read More ...
Continue Reading
December 15, 2023
Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by ...
Continue Reading
December 15, 2023
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-66966ae3d0 advisory. A malicious HTTP/2 client which rapidly creates r ...
Continue Reading
December 15, 2023
joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens (JWT) which are a compact URL-safe means of representing claims to be transferred between two parties. Affect ...
Continue Reading
December 15, 2023
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-66966ae3d0 advisory. A malicious HTTP/2 client which rapidly creates r ...
Continue Reading
December 15, 2023
fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKey ...
Continue Reading
December 15, 2023
Back to Main
