Description
Versions of njwt prior to 1.0.0 are vulnerable to out-of-bounds reads when a number is passed into the base64urlEncode function.
On Node.js 6.x or lower this can expose sensitive information, and on any other version of Node.js it creates a Denial of Service vulnerability.
Recommendation
Update the njwt package to the latest compatible version. Version details:
- Affected version(s): < 1.0.0
- Patched version(s): 1.0.0
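
The input check that closes this class of bug, as an added example (not njwt's own code): the function names are hypothetical, and it assumes the defect stems from the legacy `Buffer(number)` constructor treating a number as a length rather than as data to encode.

```javascript
'use strict';

// Hypothetical hardened encoder, written for this advisory; not njwt source.
// Accepts only strings and Buffers. A number is rejected outright, because
// the legacy Buffer(number) constructor allocates a buffer of that length
// (uninitialised on old Node.js releases) instead of encoding the value.
function safeBase64urlEncode(input) {
  if (typeof input !== 'string' && !Buffer.isBuffer(input)) {
    throw new TypeError(
      'base64urlEncode expects a string or Buffer, got ' + typeof input);
  }
  // Buffer.from() never interprets its argument as a size.
  return Buffer.from(input)
    .toString('base64')
    .replace(/\+/g, '-')   // base64url alphabet
    .replace(/\//g, '_')
    .replace(/=+$/, '');   // strip padding
}

// Encode a JWT header or claims segment. Only plain objects are accepted,
// so a caller-supplied number can never reach the encoder.
function encodeSegment(obj) {
  if (obj === null || typeof obj !== 'object' || Array.isArray(obj)) {
    throw new TypeError('JWT segment must be a plain object');
  }
  return safeBase64urlEncode(JSON.stringify(obj));
}

// Helper for checks: true when the encoder refuses the value with TypeError.
function rejects(value) {
  try {
    safeBase64urlEncode(value);
    return false;
  } catch (err) {
    return err instanceof TypeError;
  }
}

// Constructed sample inputs.
console.log(safeBase64urlEncode('hello'));           // string input
console.log(encodeSegment({ sub: 'constructed' }));  // object segment
console.log(rejects(1e9));                           // large number refused
```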
Last updated on January 09, 2023