Threat Post

JSON Libraries Patched Against Invalid Curve Crypto Attack

JSON libraries using the JWE specification to create, sign and encrypt access tokens have been patched against an attack that allows for the recovery of a private key. A number of JSON libraries using ...
Dark Reading

JsonWebToken Security Bug Opens Servers to RCE

A high-severity vulnerability (CVE-2022-23529) has been discovered in the popular JsonWebToken (JWT) open source encryption project, which could be used by attackers to achieve remote code execution ...