Affected versions of this package are vulnerable to Improper Input Validation such that if a malicious actor has the ability to modify the key retrieval parameter (referring to the secretOrPublicKey argument from the readme link) of the jwt.verify() function, they can gain remote code execution (RCE).
Ref: https://security.snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180020
Introduced through: twilio@3.84.1 › jsonwebtoken@8.5.1
Affected versions of this package are vulnerable to Improper Input Validation such that if a malicious actor has the ability to modify the key retrieval parameter (referring to the secretOrPublicKey argument from the readme link) of the jwt.verify() function, they can gain remote code execution (RCE). Ref: https://security.snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180020