njwt

Out-of-bounds Read

Severity: low

Overview

All versions of njwt are vulnerable to out-of-bounds reads when a number is passed into the base64urlEncode function.

On Node.js 6.x or lower this can expose sensitive information, and on any other version of Node.js it creates a Denial of Service vulnerability.

Remediation

As no fix is currently available, we recommend that, if you currently use this module, you validate user input passed into this function or do not use this module until it has been patched.
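One way to apply the input validation recommended above, as an added example that is not code from njwt or from this advisory: a type-checked base64url encoder that refuses numbers before they reach a Buffer. The names `safeBase64urlEncode` and `encodeRequestValue` and the sample request bodies are hypothetical and constructed for illustration.

```javascript
'use strict';
// Added example, not njwt's code. safeBase64urlEncode and the request
// bodies below are hypothetical names and constructed sample data.

// Convert input to bytes, accepting only types whose content is unambiguous.
// A number is refused: Node's Buffer constructors read a number as a size,
// not as data to encode.
function toBytes(input) {
  if (typeof input === 'string') return Buffer.from(input, 'utf8');
  if (Buffer.isBuffer(input)) return input;
  if (input instanceof Uint8Array) {
    return Buffer.from(input.buffer, input.byteOffset, input.byteLength);
  }
  const kind = input === null ? 'null' : typeof input;
  throw new TypeError('base64url input must be a string or Buffer, got ' + kind);
}

// base64url: '+' -> '-', '/' -> '_', padding removed.
function safeBase64urlEncode(input) {
  return toBytes(input)
    .toString('base64')
    .replace(/\+/g, '-')
    .replace(/\//g, '_')
    .replace(/=+$/, '');
}

// Encode the "value" field of a JSON request body. JSON.parse preserves
// the number/string distinction, so the type check sees what the client sent.
function encodeRequestValue(rawBody) {
  const body = JSON.parse(rawBody);
  try {
    return { ok: true, encoded: safeBase64urlEncode(body.value) };
  } catch (err) {
    if (err instanceof TypeError) return { ok: false, error: err.message };
    throw err;
  }
}

// Constructed sample bodies: a string, a numeric string, and a bare number.
const samples = ['{"value":"hello"}', '{"value":"100000"}', '{"value":100000}'];
for (const raw of samples) {
  console.log(raw, '->', JSON.stringify(encodeRequestValue(raw)));
}
```

The numeric string is encoded as text, while the bare number is rejected with a `TypeError` instead of being handed to a Buffer.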

Vulnerable versions

0.0.0    4 years ago
0.0.1    4 years ago
0.2.0    3 years ago
0.2.1    3 years ago
0.2.2    3 years ago
0.2.3    3 years ago
0.3.0    2 years ago
0.3.1    2 years ago
0.3.2    2 years ago
0.4.0    2 years ago

Unaffected versions

Resources

Advisory timeline

  1. Created: 2018-08-02T15:12:24.499Z
  2. Updated: 2018-08-02T15:14:32.372Z