Popular JWT cloud security library patches “remote” code execution hole
It’s remotely triggerable, but attackers would already have pretty deep network access if they could “prime” your server for compromise.
The open-source JsonWebToken (JWT) library is affected by a high-severity security flaw, tracked as CVE-2022-23529 (CVSS score: 7.6), that could lead to remote code execution. The package is maintained by Auth0; it had over 9 million weekly downloads […]
The post Remote code execution bug discovered in the popular JsonWebToken library appeared first on Security Affairs.
By Habiba Rashid
The impacted automotive giants include BMW, Toyota, Ford, Honda, Mercedes-Benz and many more.
This is a post from HackRead.com. Read the original post: Automotive Industry Exposed to Have Major API Vulnerabilities
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14….