Popular JsonWebToken Open Source Project Vulnerability Allows Code Execution

Date:

Share post:

Palo Alto Networks’ Unit 42 alerts that a flaw in the free and open-source JsonWebToken JavaScript package could be used to execute code remotely.

JsonWebToken, which is supported by the Auth0 team and has more than 9 million weekly downloads, is used in many applications for authentication and authorization. It was created to assist with the verification and signing of web token (JWT) requests. The vulnerability, identified as CVE-2022-23529 (CVSS 7.6), was discovered in the package’s verify function and can be exploited using a specially crafted JSON JWT request.

Also read: Top 7 Programming Language Trends in 2023

The user-supplied credentials are sent to the authentication endpoint during the authentication process, which verifies the data and generates a JWT signed with a secret key.

TalkDev Bureau
TalkDev Bureau
The TalkDev Bureau has five well-trained writers and journalists, well versed in B2B enterprise technology industry, and constantly in touch with industry leaders for the latest trends, opinions, and other inputs- to bring you the best and latest in the domain.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

spot_img

Related articles

Mojo Vision Collaborates with DigiLens to Integrate High-Performance micro-LED with Breakthrough SRG+ Technology and Waveguides

Mojo Vision has collaborated with DigiLens to integrate its micro-LED technology with DigiLens' breakthrough surface relief gratings (SRG)...

Airbyte Unveils Data Infrastructure Content Hub for Data Engineers

Airbyte, an open-source data integration platform, declared the launch of a new comprehensive content hub for data engineers...

Why Component-Based is the Future of Front-End Development

Component-based development has transformed the methodologies of front-end development, giving the procedure the much-needed speedup At the time, developers...

Console Connect and Vultr Partner to Deliver On-Demand Cloud Access Worldwide

This week at CloudFest USA, Console Connect, a leading Network-as-a-Service (NaaS) platform, and Vultr, the world’s largest privately held cloud...