maparent
commented
1 year ago This vulnerability targets a specific javascript library, no relation to what pgjwt uses internally. JS client code may need review, but that is another story.
Closed NickEmpetvee closed 1 year ago
maparent
commented
1 year ago This vulnerability targets a specific javascript library, no relation to what pgjwt uses internally. JS client code may need review, but that is another story.
NickEmpetvee
commented
1 year ago @maparent Thank you.
https://www.darkreading.com/vulnerabilities-threats/jsonwebtoken-security-bug-opens-servers-rce
It talks about how 9.0 is the safe JWT version.