/
DirectorySecurity Advisories
Sign In
Security Advisories

CGA-4chm-qjp7-j98q

Published

Last updated

https://images.chainguard.dev/security/CGA-4chm-qjp7-j98q
Package

jitsucom-jitsu

RepositoryWolfi
Latest Update
Not affected
Aliases
  • CVE-2015-9235
  • GHSA-c7hr-j4mj-j2w6

Severity

Unknown

Summary

Verification Bypass in jsonwebtoken

Description

Versions 4.2.1 and earlier of jsonwebtoken are affected by a verification bypass vulnerability. This is a result of weak validation of the JWT algorithm type, occuring when an attacker is allowed to arbitrarily specify the JWT algorithm.

Recommendation

Update to version 4.2.2 or later.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs