MSSQL FAILS npm audit with the following message:
npm audit report
jsonwebtoken <=8.5.1
Severity: high
jsonwebtoken has insecure input validation in jwt.verify function - https://github.com/advisories/GHSA-27h2-hvpr-p74q
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC - https://github.com/advisories/GHSA-hjrf-2m68-5959
jsonwebtoken unrestricted key type could lead to legacy keys usage - https://github.com/advisories/GHSA-8cf7-32gw-wr33
fix available via npm audit fix --force
Will install mssql@7.2.0, which is a breaking change
node_modules/jsonwebtoken
@azure/msal-node *
Depends on vulnerable versions of jsonwebtoken
node_modules/@azure/msal-node
@azure/identity >=1.2.0-alpha.20200903.1
Depends on vulnerable versions of @azure/msal-node
node_modules/@azure/identity
tedious >=11.0.9
Depends on vulnerable versions of @azure/identity
node_modules/tedious
mssql >=7.2.1
Depends on vulnerable versions of tedious
node_modules/mssql
5 vulnerabilities (4 moderate, 1 high)
To address all issues (including breaking changes), run:
npm audit fix --force
Expected behaviour:
No vulnerabilities found
Software versions