Detected the decoding of a JWT token without a verify step. JWT tokens must be verified before use, otherwise the token’s integrity is unknown. This means a malicious actor could forge a JWT token with any claims. Validate the token before using it.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-345: Insufficient Verification of Data Authenticity
OWASP:
- A08:2021 - Software and Data Integrity Failures
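As an added example that is not part of this rule page, the snippet below shows the flagged pattern (parsing the payload without checking the signature) beside a decoder that verifies an HS256 HMAC before returning claims, using only the Python standard library; the key, claims and helper names are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sign_hs256(claims: dict, key: bytes) -> str:
    # Builds sample tokens for the demonstration (constructed helper, not a library API).
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def decode_unverified(token: str) -> dict:
    # The pattern the rule flags: the payload is parsed, the signature is never checked,
    # so whatever claims were written into the token are trusted as-is.
    return json.loads(_b64url_decode(token.split(".")[1]))


def decode_verified(token: str, key: bytes, now=None) -> dict:
    # Hardened form: pin the algorithm, recompute the HMAC over header.payload,
    # compare in constant time, and enforce expiry before returning any claim.
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if "exp" in claims and claims["exp"] <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims


def demo() -> tuple:
    # Constructed sample key; a token signed under a different key must be rejected.
    key = b"constructed-demo-key"
    untrusted = sign_hs256({"sub": "alice", "role": "admin"}, b"some-other-key")
    unverified_trusts_role = decode_unverified(untrusted).get("role") == "admin"
    try:
        decode_verified(untrusted, key)
        verified_accepts = True
    except ValueError:
        verified_accepts = False
    return unverified_trusts_role, verified_accepts  # -> (True, False)
```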