namshi/jose - Verification bypass

Published: May 17, 2024
Updated: Jun 27, 2024
GHSA: <a href="https://github.com/advisories/GHSA-4rr6-gf59-ggw5" target="_blank" rel="noopener"> GHSA-4rr6-gf59-ggw5
Severity: Critical
Exploit:

Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys (RS256, RS384, RS512, ES256, ES384, ES512).