Bleeping Computer

Auth0 fixes RCE flaw in JsonWebToken library used by 22,000 projects

Update 1/31/23: Auth0 has withdrawn their security advisory on the JsonWebToken poisoning attack disclosed by Palo Alto Networks earlier this month. "After review and validation of community feedback ...
Infosecurity-magazine.com

Researchers Find Security Flaw in JsonWebToken Library Used By 20,000+ Projects

A new high-severity vulnerability has been found in the popular JsonWebToken open-source JavaScript package. By exploiting the flaw, an attacker could perform remote code execution (RCE) on a server ...