While I was doing an npm audit for my repo, I saw that there is a vulnerable package used and should be updated:
```
# npm audit report
jsonwebtoken <=8.5.1
Severity: moderate
jsonwebtoken unrestricted key type could lead to legacy keys usage - https://github.com/advisories/GHSA-8cf7-32gw-wr33
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - https://github.com/advisories/GHSA-hjrf-2m68-5959
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() - https://github.com/advisories/GHSA-qwph-4952-7xr6
No fix available
node_modules/jsonwebtoken
@serverless-jwt/jwt-verifier *
Depends on vulnerable versions of jsonwebtoken
node_modules/@serverless-jwt/jwt-verifier
2 moderate severity vulnerabilities
```
The fix should thus be to use version 9 of jsonwebtoken.