hapi-auth-jwt

Regular Expression Denial of Service (ReDoS)

Open petey opened this issue 8 years ago • 2 comments

hapi-auth-jwt requires an old version of jsonwebtoken (5.x), which depends on ms, which has a ReDoS vulnerability. Please update jsonwebtoken to use at least 7.4.1, which has fixed this issue.

Thanks!

https://snyk.io/test/github/screwdriver-cd/screwdriver.git

petey, Jul 13 '17 20:07

This plugin seems to be largely abandoned, see https://www.npmjs.com/package/hapi-auth-jwt2 for a maintained version.

antony, Aug 30 '17 10:08

Thanks.

petey, Sep 11 '17 21:09