Dark Reading

JsonWebToken Security Bug Opens Servers to RCE

A high-severity vulnerability (CVE-2022-23529) has been discovered in the popular JsonWebToken (JWT) open source encryption project, which could be used by attackers to achieve remote code execution ...
Bleeping Computer

Auth0 fixes RCE flaw in JsonWebToken library used by 22,000 projects

Update 1/31/23: Auth0 has withdrawn their security advisory on the JsonWebToken poisoning attack disclosed by Palo Alto Networks earlier this month. "After review and validation of community feedback ...