VYPR

Node Jws

by Brianloveswords

Source repositories

CVEs (1)

  • CVE-2016-1000223higSep 1, 2020
    risk 0.39cvss epss 0.02

    Affected versions of the `jws` package allow users to select what algorithm the server will use to verify a provided JWT. A malicious actor can use this behaviour to arbitrarily modify the contents of a JWT while still passing verification. For the common use case of the JWT as…