Auth0 Jsonwebtoken

4 CVEs affecting Auth0 Jsonwebtoken. Latest disclosed: 2022-12-23. Critical: 1, High: 0.

Top CVEs affecting Auth0 Jsonwebtoken
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2015-9235 | Critical | 9.8 | 2018-05-29 | In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES fami… |
| CVE-2022-23540 | Medium | 6.4 | 2022-12-22 | In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to def… |
| CVE-2022-23539 | Medium | 5.9 | 2022-12-23 | Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA ke… |
| CVE-2022-23541 | Medium | 5.0 | 2022-12-22 | jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented k… |