Vulnerabilities in nearform
9 results

CVE-2023-48223 | MEDIUM | fast-jwt JWT Algorithm Confusion | EPSS 0.7%
CVE-2025-30144 | MEDIUM | Fast-JWT Improperly Validates iss Claims | EPSS 0.5%
CVE-2026-35040 | MEDIUM | fast-jwt: Stateful RegExp (/g or /y) causes non-deterministic allowed-claim validation (logical DoS) | EPSS 0.4%
CVE-2025-59936 | CRITICAL | get-jwks poisoned JWKS cache allows post-fetch issuer validation bypass | EPSS 0.4%
CVE-2026-35041 | MEDIUM | ReDoS in fast-jwt when using RegExp in allowed* leading to CPU exhaustion during token verification | EPSS 0.3%
CVE-2026-44351 | CRITICAL | fast-jwt: Empty HMAC secret accepted via async key resolver - JWT auth bypass | EPSS 0.2%
CVE-2026-34950 | CRITICAL | fast-jwt has an incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key | EPSS 0.2%
CVE-2026-35039 | CRITICAL | fast-jwt Affected by Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup) | EPSS 0.2%
CVE-2026-35042 | HIGH | fast-jwt accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation) | EPSS 0.2%