jwcrypto@0.3.1 vulnerabilities
Implementation of JOSE Web standards
- latest version: 1.5.6
- latest non vulnerable version
- first published: 9 years ago
- latest version published: 2 months ago
- licenses detected
  - [0,)
Direct Vulnerabilities
Known vulnerabilities in the jwcrypto package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an unbounded PBES2 Count value in the PBKDF2 algorithm. An attacker can cause a denial of service by supplying a large PBES2 Count value, leading to excessive computation. This is only exploitable if applications allow the use of the PBKDF2 algorithm. How to fix Allocation of Resources Without Limits or Throttling? Upgrade | [,1.5.1) |
Affected versions of this package are vulnerable to Authentication Bypass because it is possible to auto-detect the type of token being provided. This can lead the application to incorrect conclusions about the trustworthiness of the token. How to fix Authentication Bypass? Upgrade | [,1.4) |
| | [,0.3.2) |