PT-2023-30748 · Joaquimserafim · Jsonwebtoken

Pinkdraconian · Published 2023-11-17 · Updated 2026-06-09 · CVE-2023-48238

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the vulnerable software and affected versions: joaquimserafim/json-web-token (affected versions not specified)

Description: The json-web-token library is vulnerable to a JWT algorithm confusion attack. The algorithm used to verify the token's signature is taken from the JWT token itself, which at that point is still unverified and therefore must not be trusted. To exploit this vulnerability, an attacker crafts a malicious JWT whose header names the HS256 algorithm and signs it with the victim application's public RSA key. The attack works against this library only when the RS256 algorithm is in use, which is itself considered a best practice.

Recommendations: To resolve this issue, either of the following solutions can be applied:
  1. Change the signature of the decode function to ensure that the algorithm is set in that call.
  2. Check whether or not the secret could be a public key in the decode function and, in that case, set the key to be a public key.

Exploit

Fix

RCE

Insufficient Verification of Data Authenticity


Weakness Enumeration

Related identifiers

CVE-2023-48238
GHSA-4XW9-CX39-R355

Affected products

Jsonwebtoken