Description

Since "algorithm" isn't enforced in jwt.decode()in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants.

Remediation

References

https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/

https://github.com/hokaccha/node-jwt-simple/pull/14

https://github.com/hokaccha/node-jwt-simple/pull/16

https://nodesecurity.io/advisories/87

Related Vulnerabilities

CVE-2018-1000067 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2022-24728 Vulnerability in maven package org.webjars.bowergithub.ckeditor:ckeditor4

CVE-2018-5382 Vulnerability in maven package org.bouncycastle:bcprov-jdk16

CVE-2020-28502 Vulnerability in maven package org.webjars.npm:xmlhttprequest-ssl

CVE-2019-19771 Vulnerability in npm package baes-x

Severity

High

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Broken Link Third Party Advisory Issue Tracking