CVE advisory: HIGH
CVE-2023-48238
joaquimserafim json-web-token JWT Algorithm Confusion Vulnerability
Halo Surface Signal: 3 out of 5 — possibly public-facing.
A vulnerability in a JavaScript library for JSON Web Tokens could allow an attacker to forge tokens by tricking the library into using an incorrect algorithm for signature verification. This may lead to unauthorized access or actions if the library is used in applications relying on JWTs for authentication or authoriza
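The mitigation for this class of bug is to pin the algorithm on the verifying side. The following is an added example, not code from json-web-token or its API: `verifyPinned`, `makeSampleToken` and the sample secret are hypothetical names and constructed values, and the sketch covers HMAC algorithms only.

```javascript
const nodeCrypto = require('node:crypto');

// Algorithms this verifier supports, mapped to Node hash names.
const HMAC_HASH = { HS256: 'sha256', HS512: 'sha512' };
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Builds constructed sample tokens for the checks; not a production signer.
function makeSampleToken(header, payload, secret) {
  const input = `${enc(header)}.${enc(payload)}`;
  const hash = HMAC_HASH[header.alg];
  const sig = hash
    ? nodeCrypto.createHmac(hash, secret).update(input).digest('base64url')
    : ''; // unsigned sample, e.g. alg "none"
  return `${input}.${sig}`;
}

// Hypothetical verifier: expectedAlg comes from server configuration, and the
// token's own "alg" header is only compared against it, never used to select
// the verification routine.
function verifyPinned(token, secret, expectedAlg) {
  const hash = HMAC_HASH[expectedAlg];
  if (!hash) return { ok: false, reason: 'unsupported-alg' };
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, payload;
  try {
    header = dec(parts[0]);
    payload = dec(parts[1]);
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (header === null || header.alg !== expectedAlg) {
    return { ok: false, reason: 'alg-mismatch' };
  }
  const mac = nodeCrypto.createHmac(hash, secret).update(`${parts[0]}.${parts[1]}`).digest();
  const sig = Buffer.from(parts[2], 'base64url');
  // Constant-time comparison; lengths are checked first because
  // timingSafeEqual throws on unequal lengths.
  if (mac.length !== sig.length || !nodeCrypto.timingSafeEqual(mac, sig)) {
    return { ok: false, reason: 'bad-signature' };
  }
  return { ok: true, payload };
}
```

Logging the `alg-mismatch` reason separately from `bad-signature` gives detection a distinct signal for tokens that arrive with an unexpected algorithm label.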