Auth0 Jsonwebtoken
4 CVEs affecting Auth0 Jsonwebtoken. Latest disclosed: 2022-12-23. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2015-9235 | Critical | 9.8 | 2018-05-29 | In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES fami… |
| CVE-2022-23540 | Medium | 6.4 | 2022-12-22 | In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to def… |
| CVE-2022-23539 | Medium | 5.9 | 2022-12-23 | Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA ke… |
| CVE-2022-23541 | Medium | 5.0 | 2022-12-22 | jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented k… |