Known vulnerabilities in the jsonwebtoken@8.5.1@8.5.1@8.5.1 package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
jsonwebtoken is a JSON Web Token implementation (symmetric and asymmetric) Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm such that the library can be misconfigured to use legacy, insecure key types for signature verification. For example, DSA keys could be used with the RS256 algorithm. How to fix Use of a Broken or Risky Cryptographic Algorithm? Upgrade | <9.0.0 |
jsonwebtoken is a JSON Web Token implementation (symmetric and asymmetric) Affected versions of this package are vulnerable to Improper Restriction of Security Token Assignment via the Note:
This vulnerability affects your application if it supports the usage of both symmetric and asymmetric keys in How to fix Improper Restriction of Security Token Assignment? Upgrade | <9.0.0 |
jsonwebtoken is a JSON Web Token implementation (symmetric and asymmetric) Affected versions of this package are vulnerable to Improper Authentication such that the lack of algorithm definition in the How to fix Improper Authentication? Upgrade | <9.0.0 |