### Overview An improper signature verification vulnerability exists when using auth0/node-jws with the HS256 algorithm under specific conditions. ### Am I Affected? You are affected by this vulnerability if you meet all of the following preconditions: 1. Application uses the auth0/node-jws implementation of JSON Web Signatures, versions <=3.2.2 || 4.0.0 2. Application uses the jws.createVerify() function for HMAC algorithms 3. Application uses user-provided data from the JSON Web Signature Protected Header or Payload in the HMAC secret lookup routines You are NOT affected by this vulnerabili…
GHSA-869p-cjfg-cm3x: auth0/node-jws Improperly Verifies HMAC Signature
auth0/node-jws versions <=3.2.2 or 4.0.0 have an improper HMAC signature verification vulnerability when using the HS256 algorithm with user-provided data.