{"source":1097694,"name":"jsonwebtoken","dependency":"jsonwebtoken","title":"jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC","url":"https://github.com/advisories/GHSA-hjrf-2m68-5959","severity":"moderate","versions":["0.1.0","0.2.0","0.3.0","0.4.0","0.4.1","1.0.0","1.0.2","1.1.0","1.1.1","1.1.2","1.2.0","1.3.0","2.0.0","3.0.0","3.1.0","3.1.1","3.2.0","3.2.1","3.2.2","4.0.0","4.1.0","4.2.0","4.2.1","4.2.2","5.0.0","5.0.1","5.0.2","5.0.3","5.0.4","5.0.5","5.1.0","5.2.0","5.3.1","5.4.0","5.4.1","5.5.0","5.5.1","5.5.2","5.5.3","5.5.4","5.6.0","5.6.2","5.7.0","6.0.0","6.0.1","6.1.0","6.1.1","6.1.2","6.2.0","7.0.0","7.0.1","7.1.0","7.1.1","7.1.3","7.1.5","7.1.6","7.1.7","7.1.8","7.1.9","7.1.10","7.2.0","7.2.1","7.3.0","7.4.0","7.4.1","7.4.2","7.4.3","8.0.0","8.0.1","8.1.0","8.1.1","8.2.0","8.2.1","8.2.2","8.3.0","8.4.0","8.5.0","8.5.1","9.0.0","9.0.1","9.0.2"],"vulnerableVersions":["0.1.0","0.2.0","0.3.0","0.4.0","0.4.1","1.0.0","1.0.2","1.1.0","1.1.1","1.1.2","1.2.0","1.3.0","2.0.0","3.0.0","3.1.0","3.1.1","3.2.0","3.2.1","3.2.2","4.0.0","4.1.0","4.2.0","4.2.1","4.2.2","5.0.0","5.0.1","5.0.2","5.0.3","5.0.4","5.0.5","5.1.0","5.2.0","5.3.1","5.4.0","5.4.1","5.5.0","5.5.1","5.5.2","5.5.3","5.5.4","5.6.0","5.6.2","5.7.0","6.0.0","6.0.1","6.1.0","6.1.1","6.1.2","6.2.0","7.0.0","7.0.1","7.1.0","7.1.1","7.1.3","7.1.5","7.1.6","7.1.7","7.1.8","7.1.9","7.1.10","7.2.0","7.2.1","7.3.0","7.4.0","7.4.1","7.4.2","7.4.3","8.0.0","8.0.1","8.1.0","8.1.1","8.2.0","8.2.1","8.2.2","8.3.0","8.4.0","8.5.0","8.5.1"],"cwe":["CWE-287","CWE-1259"],"cvss":{"score":5,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},"range":"<=8.5.1","id":"kOTND8lj80UMLVZAnoUR7Qvacg2ASEyYZGHmNst2rrYDlL83TlZtYxYFu7wnCvImBGXlnu0fGfk9T/oaa93CaQ=="}