{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T06:23:08.226","vulnerabilities":[{"cve":{"id":"CVE-2022-23539","sourceIdentifier":"security-advisories@github.com","published":"2022-12-23T00:15:12.347","lastModified":"2024-11-21T06:48:46.303","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm. You are affected if you are using an algorithm and a key type other than a combination listed in the GitHub Security Advisory as unaffected. This issue has been fixed, please update to version 9.0.0. This version validates for asymmetric key type and algorithm combinations. Please refer to the above mentioned algorithm / key type combinations for the valid secure configuration. After updating to version 9.0.0, if you still intend to continue with signing or verifying tokens using invalid key type/algorithm value combinations, you’ll need to set the `allowInvalidAsymmetricKeyTypes` option  to `true` in the `sign()` and/or `verify()` functions."},{"lang":"es","value":"Las versiones `&lt;=8.5.1` de la librería `jsonwebtoken` podrían estar mal configuradas para que se utilicen tipos de claves heredadas e inseguras para la verificación de firmas. Por ejemplo, las claves DSA podrían usarse con el algoritmo RS256. Usted se verá afectado si utiliza un algoritmo y un tipo de clave que no sea una combinación que figura en GitHub Security Advisory como no afectada. Este problema se ha solucionado; actualice a la versión 9.0.0. Esta versión valida para combinaciones de algoritmos y tipos de claves asimétricas. Consulte las combinaciones de algorithm / key type mencionadas anteriormente para conocer la configuración segura válida. Después de actualizar a la versión 9.0.0, si aún tiene la intención de continuar firmando o verificando tokens utilizando combinaciones de key type/algorithm no válidas, deberá configurar la opción `allowInvalidAmetricKeyTypes` en `true` en `sign()`. y/o funciones `verify()`."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-327"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:auth0:jsonwebtoken:*:*:*:*:*:node.js:*:*","versionEndIncluding":"8.5.1","matchCriteriaId":"7E5DD3C1-F5DD-4BFD-BCA3-561BC167CB35"}]}]}],"references":[{"url":"https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240621-0007/","source":"security-advisories@github.com"},{"url":"https://github.com/auth0/node-jsonwebtoken/commit/e1fa9dcc12054a8681db4e6373da1b30cf7016e3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20240621-0007/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}