VYPR

express-jwt

by Auth0

npm: express-jwt

Source repositories

CVEs (1)

  • CVE-2020-15084Jun 30, 2020
    risk 0.00cvss epss 0.01

    In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are…