Vulnerability	Vulnerable Version
M Improper Protection for Out of Bounds Signal Level Alerts @nocobase/auth is a Affected versions of this package are vulnerable to Improper Protection for Out of Bounds Signal Level Alerts via the official one-click Docker deployment configuration, a public default JWT key was historically provided.. An attacker can gain unauthorized access to administrative functions and sensitive data by forging valid authentication tokens using a known default secret. Note: This is only exploitable if the deployment uses the default Docker configuration without explicitly overriding the JWT secret. How to fix Improper Protection for Out of Bounds Signal Level Alerts? Upgrade `@nocobase/auth` to version 1.9.0-beta.18, 1.9.22, 2.0.0-alpha.52 or higher.	<1.9.0-beta.18>=1.9.0 <1.9.22>=2.0.0-alpha.2 <2.0.0-alpha.52

Improper Protection for Out of Bounds Signal Level Alerts

@nocobase/auth is a

Affected versions of this package are vulnerable to Improper Protection for Out of Bounds Signal Level Alerts via the official one-click Docker deployment configuration, a public default JWT key was historically provided.. An attacker can gain unauthorized access to administrative functions and sensitive data by forging valid authentication tokens using a known default secret.

Note: This is only exploitable if the deployment uses the default Docker configuration without explicitly overriding the JWT secret.

How to fix Improper Protection for Out of Bounds Signal Level Alerts?

Upgrade @nocobase/auth to version 1.9.0-beta.18, 1.9.22, 2.0.0-alpha.52 or higher.

<1.9.0-beta.18>=1.9.0 <1.9.22>=2.0.0-alpha.2 <2.0.0-alpha.52

Go back to all versions of this package