Security Advisories

CVE-2015-9235

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2015-9235

CGA ID

CGA-4chm-qjp7-j98q

Summary

Verification Bypass in jsonwebtoken

Description

Versions 4.2.1 and earlier of jsonwebtoken are affected by a verification bypass vulnerability. This is a result of weak validation of the JWT algorithm type, occurring when an attacker is allowed to arbitrarily specify the JWT algorithm.

Recommendation

Update to version 4.2.2 or later.
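
The weakness described above comes down to letting the token's own header choose how it is verified. The following added example (not jsonwebtoken's code and not part of the original advisory) is a minimal HS256 verifier that pins the accepted algorithm on the verifier side; `makeToken`, `verifyPinned`, `tryVerify` and all sample values are constructed for illustration.

```javascript
const crypto = require('crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Constructed helper: builds a sample token whose header declares `header.alg`.
// The signature is always HMAC-SHA256, so only the declared algorithm varies.
function makeToken(header, payload, secret) {
  const input = `${b64url(header)}.${b64url(payload)}`;
  const sig = crypto.createHmac('sha256', secret).update(input).digest('base64url');
  return `${input}.${sig}`;
}

// Verifier with a pinned allow-list. The header is untrusted input: it may only
// select among algorithms the verifier has already decided to accept.
function verifyPinned(token, secret, allowedAlgs = ['HS256']) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));

  if (!allowedAlgs.includes(header.alg)) throw new Error('algorithm not allowed');
  // This sketch implements HS256 only; anything else is refused outright.
  if (header.alg !== 'HS256') throw new Error('algorithm not implemented');

  const expected = crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(s, 'base64url');
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  return JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
}

// Wraps verifyPinned so callers get a result object instead of an exception.
function tryVerify(token, secret, allowedAlgs) {
  try {
    return { ok: true, payload: verifyPinned(token, secret, allowedAlgs) };
  } catch (e) {
    return { ok: false, reason: e.message };
  }
}

// Constructed sample input for a stand-alone run.
const DEMO_SECRET = 'constructed-demo-secret';
const demoToken = makeToken({ alg: 'HS256', typ: 'JWT' }, { sub: 'demo' }, DEMO_SECRET);
console.log(tryVerify(demoToken, DEMO_SECRET));
```
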

References

Affected packages


© 2024 Chainguard. All Rights Reserved.