Lucene search
Veracode Vulnerability DatabaseVERACODE:38569HistoryDec 23, 2022 - 5:35 a.m.
Improper Input Validation
2022-12-2305:35:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
63
jsonwebtoken is vulnerable to improper input validation. A remote attacker is able to write arbitrary files on the host machine via the secretOrPublicKey argument from the readme link of the jwt.verify() function due to improper input validation. The vulnerability is only possible if untrusted entities are allowed to modify the key retrieval parameter of the jwt.verify() on a host that you control.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jsonwebtoken | le | 8.5.1 | |
| jsonwebtoken | le | 7.1.0 | |
| jsonwebtoken | le | 8.5.1 | |
| jsonwebtoken | le | 8.5.1 | |
| jsonwebtoken | le | 7.1.0 | |
| jsonwebtoken | le | 8.5.1 |
References
Related
nessus
nessus
Auth0 JsonWebtoken < 9.0.0 Arbitrary File Write (deprecated)
2023-01-13 00:00:00
osv
osv
jsonwebtoken has insecure input validation in jwt.verify function
2022-12-22 03:31:28
redhatcve
redhatcve
CVE-2022-23529
2023-01-11 05:35:13
thn
thn
hivepro
hivepro
New Vulnerability Found in the JsonWebToken Open-Source Project
2023-01-10 12:11:46
ibm
ibm
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to jsonwebtoken CVE-2022-23529
2023-01-31 10:30:24
cve
cve
CVE-2022-23529
2022-12-21 21:15:00
github
github
jsonwebtoken has insecure input validation in jwt.verify function
2022-12-22 03:31:28
githubexploit
githubexploit
Exploit for CVE-2022-23529
2023-01-16 02:35:54
Exploit for CVE-2022-23529
2023-01-16 02:35:54
Related for VERACODE:38569