all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Critical Security Flaw Found in "jsonwebtoken" Library Used by 22,000+ Projects

Add to bookmarks
Jan. 10, 2023, 8:54 a.m. | info@thehackernews.com (The Hacker News)

The Hacker News thehackernews.com

A high-severity security flaw has been disclosed in the open source jsonwebtoken (JWT) library that, if successfully exploited, could lead to remote code execution on a target server.
"By exploiting this vulnerability, attackers could achieve remote code execution (RCE) on a server verifying a maliciously crafted JSON web token (JWT) request," Palo Alto Networks Unit 42 researcher Artur Oleyarsh

alto attackers code code execution critical exploited exploiting flaw high json jsonwebtoken jwt library networks open source palo palo alto palo alto networks projects rce remote code remote code execution request researcher security server severity target token unit 42 vulnerability web

Visit resource

More from thehackernews.com / The Hacker News

How Attackers Can Own a Business Without Touching the Endpoint an hour ago | thehackernews.com
apps attack attackers attack techniques +14
Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers an hour ago | thehackernews.com
akira akira ransomware america businesses +19
Hackers Target Middle East Governments with Evasive "CR4T" Backdoor 6 hours ago | thehackernews.com
backdoor campaign cybersecurity cybersecurity company +15
OfflRouter Malware Evades Detection in Ukraine for Almost a Decade 21 hours ago | thehackernews.com
analysis called cisco cisco talos +22
FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor 22 hours ago | thehackernews.com
auto auto industry automotive automotive industry +17
Recover from Ransomware in 5 Minutes—We will Teach You How! 1 day, 1 hour ago | thehackernews.com
attack back can cdp +21
New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks 1 day, 1 hour ago | thehackernews.com
analysis android android trojan called +16
How to Conduct Advanced Static Analysis in a Malware Sandbox 1 day, 1 hour ago | thehackernews.com
advanced analysis can dynamic +17
Global Police Operation Disrupts 'LabHost' Phishing Service, Over 30 Arrested Worldwide 1 day, 1 hour ago | thehackernews.com
arrested as-a-service called crackdown +14

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Information Security Manager & ISSO

@ Federal Reserve System | Minneapolis, MN
View on infosec-jobs.com

Forensic Lead

@ Arete | Hyderabad
View on infosec-jobs.com

Lead Security Risk Analyst (GRC)

@ Justworks, Inc. | New York City
View on infosec-jobs.com

Consultant Senior en Gestion de Crise Cyber et Continuité d’Activité H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com
View more jobs