{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "0.11.0" } ] }, "events": [ { "introduced": "0" }, { "fixed": "f15bd4637c96a79e715ff90a5e479177fccb3d25" } ], "repo": "https://github.com/cisco/node-jose", "type": "GIT" } ] } ], "details": "A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.", "id": "CVE-2018-0114", "modified": "2026-03-15T21:47:46.284487062Z", "published": "2018-01-04T06:29:00.417Z", "references": [ { "type": "ADVISORY", "url": "https://www.exploit-db.com/exploits/44324/" }, { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/102445" }, { "type": "ADVISORY", "url": "https://github.com/cisco/node-jose/blob/master/CHANGELOG.md" }, { "type": "FIX", "url": "https://tools.cisco.com/security/center/viewAlert.x?alertId=56326" }, { "type": "EVIDENCE", "url": "https://github.com/zi0Black/POC-CVE-2018-0114" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ] }