First published: Fri Nov 17 2023
Credit: firstname.lastname@example.org email@example.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Joaquimserafim Json Web Token | <3.1.1 | |
CVE-2023-48238 is a vulnerability in the json-web-token library that allows for a JWT algorithm confusion attack.
The severity of CVE-2023-48238 is high with a CVSS score of 7.5.
Versions of the json-web-token library up to and including 3.1.1 are affected by CVE-2023-48238.
CVE-2023-48238 works by allowing an attacker to manipulate the algorithm used for verifying the signature of a JWT, leading to algorithm confusion and potential unauthorized access.
To fix CVE-2023-48238, it is recommended to update the json-web-token library to a version that is not affected by the vulnerability.
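The following is an added example, not code from the json-web-token project: a minimal verifier that closes off algorithm confusion by having the caller pin the expected algorithm and rejecting any token whose header asks for a different one. The names `signHS256` and `verifyPinned` are hypothetical, and only Node.js built-in modules are used.

```javascript
// Added example: JWT verification with a pinned algorithm (Node.js built-ins only).
const nodeCrypto = require("node:crypto");

const b64url = (buf) => Buffer.from(buf).toString("base64url");

// Constructed helper: issues an HS256 token so the verifier has sample input.
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  const sig = nodeCrypto.createHmac("sha256", secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Hypothetical hardened verifier: the caller states which algorithm the key
// belongs to; the token header is only compared against that choice and
// never used to select the verification routine.
function verifyPinned(token, key, expectedAlg) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [head, body, sig] = parts;
  let header;
  try {
    header = JSON.parse(Buffer.from(head, "base64url").toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Reject before any cryptography if the token asks for another algorithm.
  if (!header || header.alg !== expectedAlg) return { ok: false, reason: "algorithm mismatch" };
  const data = `${head}.${body}`;
  const given = Buffer.from(sig, "base64url");
  let valid = false;
  if (expectedAlg === "HS256") {
    const want = nodeCrypto.createHmac("sha256", key).update(data).digest();
    // Constant-time comparison; lengths must match before timingSafeEqual.
    valid = given.length === want.length && nodeCrypto.timingSafeEqual(given, want);
  } else if (expectedAlg === "RS256") {
    valid = nodeCrypto.verify("sha256", Buffer.from(data), key, given);
  } else {
    return { ok: false, reason: "unsupported algorithm" };
  }
  if (!valid) return { ok: false, reason: "bad signature" };
  return { ok: true, payload: JSON.parse(Buffer.from(body, "base64url").toString("utf8")) };
}
```

Each verification key should be stored together with the single algorithm it was issued for, so the `expectedAlg` argument comes from server configuration and never from the token.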