Auth0 fixes RCE flaw in JsonWebToken library used by 22,000 projects


Auth0 has patched a remote code execution flaw in the widely used open-source “JsonWebToken” module, which is downloaded more than 36 million times a month on NPM and used by over 22,000 projects. The JsonWebToken project is an open-source library for creating, signing, and verifying JSON Web Tokens.

The library is used in open-source projects developed by numerous companies, including Microsoft, Twilio, Salesforce, Intuit, Box, IBM, Docusign, Slack, and SAP. JsonWebToken versions below 9.0.0 are affected by the vulnerability, which is tracked as CVE-2022-23529. Version 9.0.0 was released on December 21st, just before Christmas.
