Query PR
github/codeql#14666
Language
JavaScript
CVE(s) ID list
WIP
CWE
CWE-798
Report
Using a hardcoded secret key to decode and verify JWTs will cause authentication and authorization bypass. In this query I tried to model this for many libraries.
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
Blog post link
No response