all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

If you don't love me now: JsonWebToken breaks the software supply chain (again)

Add to bookmarks
Jan. 11, 2023, 6:04 p.m. | richi.jennings@richi.co.uk (Richi Jennings)

ReversingLabs Blog blog.reversinglabs.com





The JsonWebToken library has a serious flaw, which could lead to remote code execution (RCE). That’s potentially a huge problem, because it’s used all over the place.

code code execution don flaw jsonwebtoken library love problem rce remote code remote code execution secure software blogwatch serious software software supply chain software supply chain security supply supply chain

Visit resource

More from blog.reversinglabs.com / ReversingLabs Blog

CycloneDX upgraded for the evolving software supply chain security era 1 day, 20 hours ago | blog.reversinglabs.com
ai development appsec & supply chain security bill bills +25
Where GenAI intersects with threat modeling: 3 key benefits for AppSec 2 days, 22 hours ago | blog.reversinglabs.com
application application security appsec appsec & supply chain security +18
OWASP's LLM AI Security & Governance Checklist: 13 action items for your team 3 days, 22 hours ago | blog.reversinglabs.com
action ai security appsec & supply chain security artificial +15
XZ Trojan highlights software supply chain risk posed by 'sock puppets' 1 week, 1 day ago | blog.reversinglabs.com
appsec & supply chain security attacks compression compromise +28
The state of secrets security: 7 steps to better managing risk 1 week, 2 days ago | blog.reversinglabs.com
appsec & supply chain security complexity development epidemic +16
When GenAI and low-code collide: What could go wrong for AppSec? 1 week, 3 days ago | blog.reversinglabs.com
application application security appsec appsec & supply chain security +22
Malicious helpers: VS Code Extensions observed stealing sensitive information 2 weeks, 2 days ago | blog.reversinglabs.com
administrators attacks code daily +20
SBOMs are now essential: Make them actionable to better manage risk 2 weeks, 3 days ago | blog.reversinglabs.com
actionable appsec & supply chain security attack attacks +15
A software supply chain meltdown: What we know about the XZ Trojan 2 weeks, 4 days ago | blog.reversinglabs.com
alarms appsec & supply chain security attack backdoor +18

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Security Officer Level 1 (L1)

@ NTT DATA | Virginia, United States of America
View on infosec-jobs.com

Alternance - Analyste VOC - Cybersécurité - Île-De-France

@ Sopra Steria | Courbevoie, France
View on infosec-jobs.com

Senior Security Researcher, SIEM

@ Huntress | Remote US or Remote CAN
View on infosec-jobs.com

Cyber Security Engineer Lead

@ ASSYSTEM | Bridgwater, United Kingdom
View on infosec-jobs.com
View more jobs