Source |
The Hacker News |
Identifiant |
8299476 |
Date de publication |
2023-01-10 14:24:00 (vue: 2023-01-10 10:06:10) |
Titre |
Critical Security Flaw Found in "jsonwebtoken" Library Used by 22,000+ Projects |
Texte |
A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that, if successfully exploited, could lead to remote code execution on a target server.
"By exploiting this vulnerability, attackers could achieve remote code execution (RCE) on a server verifying a maliciously crafted JSON web token (JWT) request," Palo Alto Networks Unit 42 researcher Artur Oleyarsh |
Envoyé |
Oui |
Condensat |
000+ achieve alto artur attackers been code could crafted critical disclosed execution exploited exploiting flaw found has high json jsonwebtoken jwt lead library maliciously networks oleyarsh open palo projects rce remote request researcher security server severity source successfully target this vulnerability token unit used verifying web |
Tags |
Guideline
|
Stories |
|
Notes |
★★
|
Move |
|
Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2023-01-10 17:00:00 |
(Déjà vu) Researchers Find Security Flaw in JsonWebToken Library Used By 20,000+ Projects (lien direct) |
An attacker could perform RCE on a server verifying a maliciously crafted JWT request |
|
|
★★
|