#js

Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys (RS256, RS384, RS512, ES256, ES384, ES512).

namshi/jose allows the acceptance of unsecure JSON Web Signatures (JWS) by default. The vulnerability arises from the $allowUnsecure flag, which, when set to true during the loading of JWSes, permits tokens signed with 'none' algorithms to be processed. This behavior poses a significant security risk as it could allow an attacker to impersonate users by crafting a valid jwt token.

## ID: NFLX-2024-002 ### Impact Authenticated users can achieve limited RCE in ConsoleMe, restricted to flag inputs on a single CLI command. Due to this constraint, it is not currently known whether full RCE is possible but it is unlikely. However, a specific flag allows authenticated users to read any server files accessible by the ConsoleMe process. Given ConsoleMe's role as an AWS identity broker, accessing files containing secrets on the server could potentially be exploited for privilege escalation. Deployments of ConsoleMe that allow templated resources are impacted and urged to patch immediately. Deployments that do not permit templated resources are not affected. To determine if your ConsoleMe deployment uses templated resources, check the configuration value for `cache_resource_templates.repositories`. If this value does not exist or is an empty array, your deployment is not impacted. ### Description The self-service flow for templated resources in ConsoleMe accepts a user...

Red Hat Security Advisory 2024-2853-03 - An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Issues addressed include HTTP request smuggling, denial of service, and out of bounds read vulnerabilities.

Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties.

Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys (RS256, RS384, RS512, ES256, ES384, ES512).

Starting with FOSRestBundle 1.2 we [switched](https://github.com/FriendsOfSymfony/FOSRestBundle/pull/642/files#diff-431bc57ca9ca16332c0cff43ad45263cR37) to using [willdurand/jsonp-callback-validator](https://github.com/willdurand/JsonpCallbackValidator) for validation of JSONP callbacks. However [the change was implemented](https://github.com/FriendsOfSymfony/FOSRestBundle/pull/665) incorrectly validating the callback query param name, rather than its value. Anyone using the JSONP handler (which is off by default) together with FOSRestBundle 1.2.0 or 1.2.1 should update to FOSRestBundle [1.2.2](https://github.com/FriendsOfSymfony/FOSRestBundle/releases/tag/1.2.2).

Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys (RS256, RS384, RS512, ES256, ES384, ES512).

Apple Security Advisory 05-13-2024-8 - tvOS 17.5 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 05-13-2024-2 - iOS 17.5 and iPadOS 17.5 addresses bypass and code execution vulnerabilities.