Critical severity9.8NVD Advisory· Published May 29, 2018· Updated Jun 17, 2026
CVE-2016-10525
CVE-2016-10525
Description
When attempting to allow authentication mode try in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
hapi-auth-jwt2npm | >= 5.1.1, < 5.1.2 | 5.1.2 |
Affected products
2- HackerOne/hapi-auth-jwt2 node modulev5Range: 5.1.1
Patches
Vulnerability mechanics
References
6- github.com/dwyl/hapi-auth-jwt2/issues/111nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-mg8r-9g6j-hwv9ghsaADVISORY
- github.com/dwyl/hapi-auth-jwt2/pull/112nvdThird Party AdvisoryWEB
- nodesecurity.io/advisories/81nvdThird Party Advisory
- nvd.nist.gov/vuln/detail/CVE-2016-10525ghsaADVISORY
- www.npmjs.com/advisories/81ghsaWEB
News mentions
0No linked articles in our index yet.