We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
jws is updated to 3.0.0 to mitigate a critical security flaw, hope you can update jws asap.
https://github.com/brianloveswords/node-jws/blob/master/CHANGELOG.md
thx a lot
The text was updated successfully, but these errors were encountered:
If you look at the link in that changelog you will see that it is our own blog post.
We fixed this library (and many others) before we even published the blog post.
We are validating the alg in the verify method in this library already here: https://github.com/auth0/node-jsonwebtoken/blob/master/index.js#L140-L142
alg
verify
If you don't specify algorithms to the verify method, we do some heuristic in the secret you provide:
algorithms
https://github.com/auth0/node-jsonwebtoken/blob/master/index.js#L110-L118
Sorry, something went wrong.
wow, nice. thx a lot :)
Thanks for taking the time to report 😄
No branches or pull requests
jws is updated to 3.0.0 to mitigate a critical security flaw, hope you can update jws asap.
https://github.com/brianloveswords/node-jws/blob/master/CHANGELOG.md
thx a lot
The text was updated successfully, but these errors were encountered: