High Vulnerability in the Open Source jsonwebtoken (JWT) Library
NIST reported a High vulnerability in the open source jsonwebtoken (JWT) library. An attacker could exploit this vulnerability to take control of an affected system. If a malicious actor has the ability to modify the key retrieval parameter (the `secretOrPublicKey` argument of the `jwt.verify()` function, as described in the library's readme), they can write arbitrary files on the host machine.
For a complete description of the vulnerability and affected systems, go to CVE-2022-23529 Detail.
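Because the risk described above depends on who controls the value passed as `secretOrPublicKey`, one defensive pattern is to resolve keys only from a fixed, type-checked table. The sketch below is an added example, not code from this advisory or from the jsonwebtoken project. The helper names, key IDs and key values are constructed, and it assumes keys are supplied as strings or Buffers and that the resolver is passed to `jwt.verify()` in its `getKey(header, callback)` form.

```javascript
// Added example: helper names and sample keys are hypothetical.

// Accept only plain key material: a non-empty string or Buffer.
// Anything else (plain objects, arrays, numbers) is rejected outright.
function assertKeyMaterial(key) {
  const ok = (typeof key === 'string' || Buffer.isBuffer(key)) && key.length > 0;
  if (!ok) {
    throw new TypeError('verification key must be a non-empty string or Buffer');
  }
  return key;
}

// Build a getKey(header, callback) function over a fixed key table.
// Each entry is type-checked once at start-up, and lookups go through a Map,
// so a token-supplied kid such as "__proto__" cannot reach inherited properties.
function makeKeyResolver(keyTable) {
  const keys = new Map();
  for (const [kid, key] of Object.entries(keyTable)) {
    keys.set(kid, assertKeyMaterial(key));
  }
  return function getKey(header, callback) {
    const kid = header && header.kid;
    if (typeof kid !== 'string' || !keys.has(kid)) {
      return callback(new Error('unknown key id'));
    }
    callback(null, keys.get(kid));
  };
}

// Constructed sample key table (placeholder values, not real secrets).
const getKey = makeKeyResolver({
  'svc-a': 'constructed-shared-secret',
  'svc-b': Buffer.from('constructed-bytes'),
});

// Demonstration helper: run the resolver and return what it handed back.
function resolve(header) {
  let out;
  getKey(header, (err, key) => { out = err ? { error: err.message } : { key }; });
  return out;
}
```

The point of the pattern is that no request-derived value ever becomes the key itself; the token can only select among keys the service loaded and validated at start-up.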
IT Security