Affected versions of this module treated tokens signed with the
none algorithm as a valid token with a verified signature and resulted in giving attackers arbitrary account access.
jsjws to version 2.0.0 or higher.
- Tim McLean
- Snyk ID
- 31 Mar, 2016
- 20 Oct, 2016