High Vulnerability in the Open Source jsonwebtoken (JWT) Library

NIST reported a High vulnerability in the open source jsonwebtoken (JWT) library. An attacker could exploit this vulnerability to take control of an affected system. If a malicious actor has the ability to modify the key retrieval parameter (the `secretOrPublicKey` argument of the `jwt.verify()` function, as described in the library's readme), they can write arbitrary files on the host machine.

For a complete description of the vulnerability and affected systems, go to CVE-2022-23529 Detail.
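Because the precondition above is an attacker influencing the `secretOrPublicKey` argument, one defensive pattern is to resolve that argument only from server-side configuration and to check its type before it reaches `jwt.verify()`. The sketch below is an added example, not code from this advisory or from the jsonwebtoken project; `KEY_STORE`, `resolveVerificationKey` and `safeVerify` are hypothetical names and the keys are constructed sample values.

```javascript
// Added example (hypothetical helper names; constructed sample keys).
// Key id -> verification key, loaded from server-side configuration only.
const KEY_STORE = new Map([
  ['primary', 'constructed-sample-hmac-secret'],
  ['backup', Buffer.from('constructed-sample-secret-2')],
]);

// Key ids are short identifiers; anything else is rejected before lookup.
const KID_PATTERN = /^[A-Za-z0-9_-]{1,64}$/;

// Accept only plain key material: a non-empty string or Buffer.
function isPlainKeyMaterial(value) {
  return (typeof value === 'string' && value.length > 0) ||
         (Buffer.isBuffer(value) && value.length > 0);
}

// Map an untrusted key id to a trusted key. The caller's input only
// selects an entry; it never becomes the key itself.
function resolveVerificationKey(kid, store = KEY_STORE) {
  if (typeof kid !== 'string' || !KID_PATTERN.test(kid)) {
    throw new TypeError('key id must be a short string identifier');
  }
  if (!store.has(kid)) {
    throw new Error('unknown key id');
  }
  const key = store.get(kid);
  if (!isPlainKeyMaterial(key)) {
    throw new TypeError('stored key is not a string or Buffer');
  }
  return key;
}

// Wrap the verifier so every call site goes through the resolver.
// verifyFn is expected to be jsonwebtoken's jwt.verify (passed in so the
// wrapper can be exercised without the library installed).
function safeVerify(verifyFn, token, kid, options) {
  if (typeof token !== 'string') {
    throw new TypeError('token must be a string');
  }
  return verifyFn(token, resolveVerificationKey(kid), options);
}
```

In an application this would be called as `safeVerify(jwt.verify, token, kid, { algorithms: ['HS256'] })`, so request-derived values can select a key but never supply one.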

IT Security