Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID npm:jsjws:20150531
- published 20 Oct 2016
- disclosed 31 Mar 2016
- credit Tim McLean
Introduced: 31 Mar 2016CVE NOT AVAILABLE CWE-592 Open this link in a new tab
How to fix?
jsjws to version 2.0.0 or higher.
Affected versions of this module treated tokens signed with the
none algorithm as a valid token with a verified signature and resulted in giving attackers arbitrary account access.