jose-exposed-data
The object is passed directly to jose.JWT.sign(…). Make sure that sensitive information is not exposed through the JWT payload.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-522: Insufficiently Protected Credentials
OWASP:
- A02:2017 - Broken Authentication
- A04:2021 - Insecure Design
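The pattern this rule flags, next to a version that builds the claims explicitly, as an added example that is not part of the rule or of the jose project. `signJwt` is a stand-in for jose.JWT.sign written with Node's built-in crypto module, and the user record, field names and secret are constructed for illustration.

```javascript
// Added example. signJwt is a stand-in for jose.JWT.sign so this runs
// with only Node's built-in crypto module.
const crypto = require("node:crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");

// Minimal HS256 compact JWS: header.payload.signature
function signJwt(payload, secret) {
  const input = `${b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.createHmac("sha256", secret).update(input).digest("base64url");
  return `${input}.${sig}`;
}

// What any holder of the token can do: decode the claims without the key.
function readClaimsWithoutKey(token) {
  return JSON.parse(Buffer.from(token.split(".")[1], "base64url").toString("utf8"));
}

// Constructed sample record, as it might come back from a user table.
const sampleUser = {
  id: 42,
  email: "alice@example.test",
  role: "editor",
  passwordHash: "constructed-hash-value",
  resetToken: "constructed-reset-token",
};
const SECRET = "constructed-demo-secret";

// Pattern the rule flags: the whole object becomes the payload.
function issueTokenUnsafe(user, secret) {
  return signJwt(user, secret);
}

// Hardened: build the claims explicitly so new fields on the record
// never reach the token by accident.
function issueToken(user, secret) {
  const claims = { sub: String(user.id), role: user.role };
  return signJwt(claims, secret);
}

function demo() {
  return {
    leaked: Object.keys(readClaimsWithoutKey(issueTokenUnsafe(sampleUser, SECRET))),
    minimal: Object.keys(readClaimsWithoutKey(issueToken(sampleUser, SECRET))),
  };
}

console.log(demo());
```

The signature protects the payload against modification only; the claims stay readable to anyone who sees the token.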