In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Inadequate Encryption Strength vulnerabilities in an interactive lesson.
Start learningUpgrade joserfc to version 1.6.8 or higher.
Affected versions of this package are vulnerable to Inadequate Encryption Strength in the verify process. An attacker can gain unauthorized access and forge arbitrary claims by submitting tokens signed with an empty or null key, which are incorrectly accepted as valid signatures. This is only exploitable if the verification key is set to an empty string or None, such as when a secret is missing from configuration or environment variables.