twilio / twilio-node

Node.js helper library
MIT License

jsonwebtoken Improper Authentication #890

Closed skt1598 closed 1 year ago

skt1598 commented 1 year ago

Introduced through: twilio@3.84.1 › jsonwebtoken@8.5.1

Affected versions of this package are vulnerable to Improper Authentication such that the lack of algorithm definition in the jwt.verify() function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification. Ref: https://security.snyk.io/vuln/SNYK-JS-JSONWEBTOKEN-3180022

isha689 commented 1 year ago

Duplicate issue: https://github.com/twilio/twilio-node/issues/846

We have updated our twilio-node v4 release candidate to v9.
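
The report above turns on jwt.verify() being called without an algorithm list. As an added example (not part of this thread, and not twilio-node or jsonwebtoken code), the sketch below uses only Node's built-in crypto to show a verifier that refuses to run without a caller-supplied allowlist or with an empty key. The names verifyPinned, makeToken and check, and the sample secret, are hypothetical or constructed.

```javascript
// Added example, not twilio-node or jsonwebtoken code. Uses only Node's crypto.
const crypto = require("node:crypto");

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const dec = (str) => JSON.parse(Buffer.from(str, "base64url").toString("utf8"));

// Builds constructed sample tokens: HS256-signed, or unsigned for any other alg.
function makeToken(header, payload, secret) {
  const input = `${enc(header)}.${enc(payload)}`;
  const mac = crypto.createHmac("sha256", secret).update(input).digest("base64url");
  return `${input}.${header.alg === "HS256" ? mac : ""}`;
}

// verifyPinned (hypothetical name): no default algorithm and no empty key.
function verifyPinned(token, secret, { algorithms } = {}) {
  if (!secret) throw new Error("verification key is required");
  if (!Array.isArray(algorithms) || algorithms.length === 0) {
    throw new Error("algorithms allowlist is required");
  }
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = dec(h);
  // The token's own header never selects the algorithm; the caller's list does.
  if (!algorithms.includes(header.alg)) {
    throw new Error(`algorithm not allowed: ${header.alg}`);
  }
  if (header.alg !== "HS256") throw new Error("only HS256 is implemented here");
  const expected = crypto.createHmac("sha256", secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(s, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("invalid signature");
  }
  return dec(p);
}

function check(token, secret, options) {
  try {
    return { ok: true, payload: verifyPinned(token, secret, options) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

const demoSecret = "constructed-demo-secret"; // constructed value
const signed = makeToken({ alg: "HS256", typ: "JWT" }, { sub: "alice" }, demoSecret);
const unsigned = makeToken({ alg: "none", typ: "JWT" }, { sub: "alice" }, demoSecret);
console.log(check(signed, demoSecret, { algorithms: ["HS256"] }), check(unsigned, demoSecret, { algorithms: ["HS256"] }));
```

With jsonwebtoken itself, the corresponding control is the algorithms option of jwt.verify().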