json-web-token@3.1.1 vulnerabilities
JSON Web Token (JWT) is a compact token format intended for space constrained environments such as HTTP Authorization headers and URI query parameters.
- latest version: 3.2.0
- first published: 10 years ago
- latest version published: 5 years ago
- licenses detected: >=0
Direct Vulnerabilities
Known vulnerabilities in the json-web-token package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
json-web-token is a package for JSON Web Token (JWT), a compact token format intended for space constrained environments such as HTTP Authorization headers and URI query parameters. Affected versions of this package are vulnerable to Improper Input Validation due to improper signature verification of the JWA token. An attacker can exploit this vulnerability by crafting a malicious JWT token that specifies the HS256 algorithm and is signed with the public RSA key of the victim application. This is only exploitable if the RS256 algorithm is in use. How to fix Improper Input Validation? There is no fixed version for | * |