You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
npm audit
....
jsonwebtoken <=8.5.1
Severity: high
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - https://github.com/advisories/GHSA-hjrf-2m68-5959
jsonwebtoken unrestricted key type could lead to legacy keys usage - https://github.com/advisories/GHSA-8cf7-32gw-wr33
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() - https://github.com/advisories/GHSA-qwph-4952-7xr6
jsonwebtoken has insecure input validation in jwt.verify function - https://github.com/advisories/GHSA-27h2-hvpr-p74q
..
Can submit a PR for this but I don't have all the differently configured SharePoint endpoints to run the full set of integration tests so might need some help here.
The text was updated successfully, but these errors were encountered:
lucaselb
added a commit
to lucaselb/node-sp-auth
that referenced
this issue
Jan 26, 2023
node-sp-auth is currently using jsonwebtoken v 8.5.1
jsonwebtoken has recently addressed several CVE's and release v9.0.0
See details of breaking changes here: https://github.com/auth0/node-jsonwebtoken/blob/master/CHANGELOG.md
Can submit a PR for this but I don't have all the differently configured SharePoint endpoints to run the full set of integration tests so might need some help here.
The text was updated successfully, but these errors were encountered: