Description
When attempting to allow authentication mode `try` in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication.
Remediation
References
https://nodesecurity.io/advisories/81
https://github.com/dwyl/hapi-auth-jwt2/pull/112
https://github.com/dwyl/hapi-auth-jwt2/issues/111
Related Vulnerabilities
CVE-2017-12631 Vulnerability in maven package org.apache.cxf.fediz:fediz-spring
CVE-2023-45282 Vulnerability in npm package openmct
CVE-2020-13961 Vulnerability in npm package strapi
CVE-2023-3442 Vulnerability in maven package io.jenkins.plugins:servicenow-devops
CVE-2023-37953 Vulnerability in maven package com.mabl.integration.jenkins:mabl-integration