CVE-2015-9235

Description: In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).

Link: Visit the GitHub Repository

Language: Go

Owner: z-bool

Stars: 0

Forks: 0