Express Jwt
1 CVEs
product
Monthly
In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Node.js
Authentication Bypass
Express Jwt
NVD
GitHub
CVSS 3.1
9.1
EPSS
1.1%
CVE-2020-15084
npm
EPSS 1%
CVSS 9.1
CRITICAL
PATCH
Act Now
In express-jwt (NPM package) up and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Node.js
Authentication Bypass
Express Jwt
NVD
GitHub