VYPR

npm package

express-jwt

pkg:npm/express-jwt

Vulnerabilities (1)

  • CVE-2020-15084Jun 30, 2020
    affected < 6.0.0fixed 6.0.0

    In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affe