Auth0 Node-jsonwebtoken
3 CVEs affecting Auth0 Node-jsonwebtoken. Latest disclosed: 2022-12-22. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-23540 | Medium | 6.4 | 2022-12-22 | In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to def… |
| CVE-2022-23539 | Medium | 5.9 | 2022-12-22 | Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA ke… |
| CVE-2022-23541 | Medium | 5.0 | 2022-12-22 | jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented k… |