All 3 CVE vulnerabilities found in node-jsonwebtoken, with AI-generated Chinese analysis, references, and POCs.
Vendor: auth0
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-23539 | jsonwebtoken unrestricted key type could lead to legacy keys usage | CWE-327 | 5.9 | Medium | 2022-12-22 |
| CVE-2022-23540 | jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() | CWE-287 | 6.4 | Medium | 2022-12-22 |
| CVE-2022-23541 | jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC | CWE-287 | 5.0 | Medium | 2022-12-22 |