Description
Describe the bug
Impact: Exposure of Sensitive Information, Manipulation of Data, Denial of Service (DoS)
- For the jsonwebtoken library, if a malicious actor has the ability to modify the key retrieval parameter (the secretOrPublicKey argument from the readme link) of the jwt.verify() function, they can gain remote code execution. [CVE-2022-23529]
- The jsonwebtoken library could be misconfigured so that legacy, insecure key types are used for signature verification. [CVE-2022-23539]
- For the jsonwebtoken library, the lack of an algorithm definition in the jwt.verify() function can lead to signature validation bypass, because verification defaults to the none algorithm. [CVE-2022-23540]
- The jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function (the secretOrPublicKey argument from the readme link) results in incorrect verification of tokens. A different algorithm and key combination can be used in verification than the one used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with the symmetric HS256 algorithm. This can lead to successful validation of forged tokens. [CVE-2022-23541]
To Reproduce
Steps to reproduce the behavior:
NA
Expected behavior
NA
Screenshots
NA
Desktop (please complete the following information):
- OS: [e.g. iOS]
- Browser [e.g. chrome, safari]
- Version [e.g. 22]
Smartphone (please complete the following information):
- Device: [e.g. iPhone6]
- OS: [e.g. iOS8.1]
- Browser [e.g. stock browser, safari]
- Version [e.g. 22]
**MindSphere Plan**
- start for free
- iot value plan
- developer plan
- operator plan
Additional context
Add any other context about the problem here.