Vulnerabilities > Auth0 > Jsonwebtoken > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-12-23 | CVE-2022-23539 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Auth0 Jsonwebtoken | Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. | network | low | auth0 | CWE-327 | 8.1 |
| 2022-12-22 | CVE-2022-23540 | Improper Verification of Cryptographic Signature vulnerability in Auth0 Jsonwebtoken | In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. | network | low | auth0 | CWE-347 | 7.6 |