If you don't love me now: JsonWebToken breaks the software supply chain (again) - ReversingLabs

JWT type confusion: Yes, here’s another example of the risks in uncontrolled software supply chains. This npm library is relied upon by countless apps and services — perhaps yours.

3/ The bug’s been fixed by @Auth0, after the #vulnerability was disclosed responsibly by @Unit42_intel.

In this week’s #SSBlogwatch we worry for people who don’t update.

For @ReversingLabs’ @SecuredSoftware: https://t.co/iBhPMnKOPO

— @Richi 🤓 Jennings (@RiCHi) January 11, 2023