pkg:npm/fast-jwt

8 CVEs in total: CRITICAL 3, HIGH 1, MEDIUM 4

All known vulnerabilities

  • CRITICAL 9.1 CVE-2026-44351 fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolver
    from 0, < 6.2.4
  • CRITICAL 9.1 CVE-2026-35039 fast-jwt: Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)
    >= 0.0.1, < 6.2.0
  • CRITICAL 9.1 CVE-2026-34950 fast-jwt: Incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key
    from 0, < 6.2.0
  • HIGH 7.5 CVE-2026-35042 fast-jwt accepts unknown `crit` header extensions (RFC 7515 violation)
    from 0, <= 6.1.0
  • MEDIUM 6.5 CVE-2025-30144 Fast-JWT Improperly Validates iss Claims
    from 0, < 5.0.6
  • MEDIUM 5.9 CVE-2023-48223 JWT Algorithm Confusion
    from 0, < 3.3.2
  • MEDIUM 5.3 CVE-2026-35040 fast-jwt: Stateful RegExp (/g or /y) causes non-deterministic allowed-claim validation (logical DoS)
    from 0, < 6.2.1
  • MEDIUM 4.2 CVE-2026-35041 fast-jwt has a ReDoS when using RegExp in allowed* leading to CPU exhaustion during token verification
    >= 5.0.0, < 6.2.1