CVE-2015-9235

CVE-2015-9235 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).

Learn more about our Web App Pen Testing.