VYPR

npm package

json-web-token

pkg:npm/json-web-token

Vulnerabilities (1)

  • CVE-2023-48238HigNov 17, 2023
    affected <= 3.1.1

    joaquimserafim/json-web-token is a javascript library use to interact with JSON Web Tokens (JWT) which are a compact URL-safe means of representing claims to be transferred between two parties. Versions prior to 4.0.0 are vulnerable to a JWT algorithm confusion attack. On line 86