jsjws@0.3.2

Vulnerabilities

1 via 1 paths

Dependencies

Source

npm

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
Status
  • 1
  • 0
  • 0

high severity

Authentication Bypass

  • Vulnerable module: jsjws
  • Introduced through: jsjws@0.3.2

Detailed paths

  • Introduced through: jsjws@0.3.2
    Remediation: Upgrade to jsjws@2.0.0.

Overview

The jsjws is a pure JavaScript implementation of JSON Web Signature. JSON Web Tokens are an open, industry standard method for representing claims securely between two parties.

Affected versions of this module treated tokens signed with the none algorithm as a valid token with a verified signature and resulted in giving attackers arbitrary account access.

Remediation

Upgrade jsjws to version 2.0.0 or higher.

References