twilio / twilio-node

Node.js helper library
MIT License

jsonwebtoken Improper Input Validation #889

Closed skt1598 closed 1 year ago

skt1598 commented 1 year ago

Introduced through: twilio@3.84.1 › jsonwebtoken@8.5.1

Affected versions of this package are vulnerable to Improper Input Validation such that if a malicious actor has the ability to modify the key retrieval parameter (referring to the secretOrPublicKey argument from the readme link) of the jwt.verify() function, they can gain remote code execution (RCE). Ref: https://security.snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180020

isha689 commented 1 year ago

Duplicate issue: https://github.com/twilio/twilio-node/issues/846. We have updated our twilio-node v4 release candidate to jsonwebtoken v9.