@overnightjs/jwt@1.0.7

Vulnerabilities: 1 via 1 paths

Dependencies: 75

Source: npm

high severity

Authorization Bypass

  • Vulnerable module: express-jwt
  • Introduced through: express-jwt@5.3.3

Detailed paths

  • Introduced through: @overnightjs/jwt@1.0.7 > express-jwt@5.3.3
    Remediation: Upgrade to @overnightjs/jwt@1.1.19.

Overview

express-jwt is a JWT authentication middleware.

Affected versions of this package are vulnerable to Authorization Bypass. The algorithms entry that should be specified in the configuration is not enforced. When algorithms is not specified in the configuration and the middleware is used in combination with jwks-rsa, this may lead to authorization bypass.

Remediation

Upgrade express-jwt to version 6.0.0 or higher.