CVE-2022-25898 Security fix in JWS and JWT validation

@kjur released this 23 Jun 15:31 · 22 commits to master since this release
  • Changes from 10.5.24 to 10.5.25 (2022-Jun-23)
    • src/jws.js
      • JWS.verify and JWS.verifyJWT
        • CVE-2022-25898 SECURITY FIX:
          verify and verifyJWT may mistakenly accept a signature containing
          special characters or \number characters.
          Please see the security advisory:
          GHSA-3fvg-4v2m-98jf
    • src/base64x.js
      • function isBase64URLDot added
    • test/qunit-do-jwt-veri.html
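
An added example, not code from jsrsasign or this release: a strict syntax gate a caller can run on a compact JWS before signature verification, rejecting any segment that contains characters outside the base64url alphabet (newlines, `\1`, `!` and so on). The function names and the sample token are constructed for illustration and all three segments are assumed non-empty; it goes one step beyond the release note by also rejecting non-canonical encodings through a decode and re-encode round trip.

```javascript
// Added example (Node.js). Names are hypothetical, not jsrsasign API.
const B64URL = /^[A-Za-z0-9_-]+$/;

// Encode bytes as unpadded base64url.
function toB64Url(data) {
  return Buffer.from(data).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// True only if seg is the one canonical base64url spelling of its bytes.
function isCanonicalB64Url(seg) {
  if (!B64URL.test(seg)) return false; // rejects "\n", "\1", "!", "=", "+", "/"
  // A lenient decoder may map several strings to the same bytes; re-encode
  // and compare so only the canonical string passes.
  return toB64Url(Buffer.from(seg, "base64")) === seg;
}

// Syntax gate to run before any signature verification.
function checkCompactJws(token) {
  if (typeof token !== "string") return { ok: false, reason: "not a string" };
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "expected 3 segments" };
  const names = ["header", "payload", "signature"];
  for (let i = 0; i < parts.length; i++) {
    if (!isCanonicalB64Url(parts[i])) {
      return { ok: false, reason: `bad ${names[i]} encoding` };
    }
  }
  return { ok: true, reason: "" };
}

// Constructed sample token; the signature bytes are placeholders, not a real MAC.
const SAMPLE = [
  toB64Url('{"alg":"HS256","typ":"JWT"}'),
  toB64Url('{"sub":"demo"}'),
  toB64Url("constructed-signature-bytes"),
].join(".");

// Show the verdict for the clean token and three tampered spellings of it.
for (const t of [SAMPLE, SAMPLE + "\n", SAMPLE + "\\1", SAMPLE + "!"]) {
  console.log(JSON.stringify(t.slice(-6)), checkCompactJws(t));
}
```

Passing this gate says nothing about whether the signature is valid; it only ensures the verifier sees exactly one accepted spelling of each token.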