CNNVD-202602-548 Information

CNNVD ID

CNNVD-202602-548

CVE-2026-25537

  • CNNVD Published: 2026-02-04

Description

jsonwebtoken is an open-source JSON Web Token implementation from Auth0. Versions of jsonwebtoken before 10.3.0 contain a security vulnerability that stems from type confusion in the claim validation logic, which may allow time-based security restrictions to be bypassed.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Auth0

Published

2026-02-04

Last Modified

2026-02-24

References

https://github.com/Keats/jsonwebtoken/commit/abbc3076742c4161347bc6b8bf4aa5eb86e1dc01

https://github.com/Keats/jsonwebtoken/security/advisories/GHSA-h395-gr6q-cpjc

Patch

https://github.com/Keats/jsonwebtoken/tags
