fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular expression. Because the aud claim is attacker-controlled and the library evaluates it against the supplied RegExp, a crafted JWT can trigger catastrophic backtracking in the JavaScript regex engine, resulting in significant CPU consumption during verification.
This vulnerability is fixed in 6.2.1.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
High
Difficult to exploit
Privileges Required
High
Admin privileges needed
User Interaction
Required
User action required
Impact Assessment
Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service
CVSS Vector v3.1
Weakness Type (CWE)
References 4
https://github.com/nearform/fast-jwt/commit/b0be0ca161593836a153d5180ca5358ad9b…
security-advisories@github.com
https://github.com/nearform/fast-jwt/pull/595
security-advisories@github.com
https://github.com/nearform/fast-jwt/releases/tag/v6.2.1
security-advisories@github.com
https://github.com/nearform/fast-jwt/security/advisories/GHSA-cjw9-ghj4-fwxf
security-advisories@github.com