CVE-2023-48223
Published 2023-11-20
Priority: P4 · 32 · medium · 5.9 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.69% (48.0th percentile)
fast-jwt provides a fast JSON Web Token (JWT) implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The `publicKeyPemMatcher` in `fast-jwt/src/crypto.js` does not properly match all common PEM formats for public keys. To exploit this vulnerability, an attacker needs to craft a malicious JWT token containing the HS256 algorithm, signed with the public RSA key of the victim application. This attack will only work if the victim application utilizes a public key containing the `BEGIN RSA PUBLIC KEY` header. Applications using the RS256 algorithm, a public key with a `BEGIN RSA PUBLIC KEY` header, and calling the verify function without explicitly providing an algorithm are vulnerable to this algorithm confusion attack, which allows attackers to sign arbitrary payloads that will be accepted by the verifier. Version 3.3.2 contains a patch for this issue. As a workaround, change line 29 of `blob/master/src/crypto.js` to include a regular expression.
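As an added example, not code from fast-jwt or from either advisory on this page, the following Node.js snippet shows the two defensive checks the description above and the incomplete-fix advisory further down the page point to: a PEM matcher that recognises both the `BEGIN PUBLIC KEY` and `BEGIN RSA PUBLIC KEY` headers regardless of leading whitespace, and an explicit algorithm allowlist that refuses to pair an HS* algorithm with public-key material. The function names (`isPublicKeyPem`, `assertAlgorithmMatchesKey`, `verifierOptions`), the anchored regex shown for contrast, and the sample key strings are all constructed for this example and are not the library's own.

```javascript
// Added example, not code from fast-jwt. It shows the two defensive checks the
// advisories call for: a PEM matcher that recognises both public-key headers
// regardless of leading whitespace, and an algorithm guard that refuses an HMAC
// algorithm when the key material is a public key. Names used here
// (isPublicKeyPem, assertAlgorithmMatchesKey, verifierOptions) are assumptions.

// Illustrative anchored pattern of the kind the follow-up advisory describes
// (not fast-jwt's exact regex): `^` with no whitespace allowance, so a key that
// begins with a newline or spaces is not recognised as a public key.
const ANCHORED_MATCHER = /^-----BEGIN (?:RSA )?PUBLIC KEY-----/

// Hardened pattern: tolerate leading whitespace and accept both the SPKI
// ("PUBLIC KEY") and PKCS#1 ("RSA PUBLIC KEY") headers.
const PUBLIC_KEY_PEM = /^\s*-----BEGIN (?:RSA )?PUBLIC KEY-----/

function toText(key) {
  return Buffer.isBuffer(key) ? key.toString('utf8') : String(key)
}

function isPublicKeyPem(key) {
  return PUBLIC_KEY_PEM.test(toText(key))
}

// HMAC algorithms use one shared secret for signing and verifying. If that
// "secret" is actually a public key, anyone holding the public key can mint
// tokens the verifier accepts, which is the confusion the advisory describes.
const HMAC_ALGORITHMS = new Set(['HS256', 'HS384', 'HS512'])

function assertAlgorithmMatchesKey(alg, key) {
  if (HMAC_ALGORITHMS.has(alg) && isPublicKeyPem(key)) {
    throw new Error(`refusing ${alg} with public-key material; use an RS*/PS*/ES* algorithm`)
  }
  return true
}

// Defensive verifier configuration: the caller pins the allowed algorithms
// instead of letting the token's own header choose them, and every allowed
// algorithm is checked against the key type up front.
function verifierOptions(key, allowedAlgorithms = ['RS256']) {
  for (const alg of allowedAlgorithms) assertAlgorithmMatchesKey(alg, key)
  return { key, algorithms: allowedAlgorithms }
}

// Constructed sample keys: only the PEM header matters to the matcher, so the
// body is a placeholder rather than real key material.
const SAMPLE_SPKI = '-----BEGIN PUBLIC KEY-----\nPLACEHOLDER\n-----END PUBLIC KEY-----\n'
const SAMPLE_PKCS1 = '-----BEGIN RSA PUBLIC KEY-----\nPLACEHOLDER\n-----END RSA PUBLIC KEY-----\n'
const SAMPLE_PKCS1_WS = '\n  ' + SAMPLE_PKCS1        // leading whitespace, as read from a config file
const SAMPLE_SECRET = 'constructed-shared-secret'  // a genuine HMAC secret, not a PEM

function classifyAll() {
  return {
    spki: isPublicKeyPem(SAMPLE_SPKI),
    pkcs1: isPublicKeyPem(SAMPLE_PKCS1),
    pkcs1Ws: isPublicKeyPem(SAMPLE_PKCS1_WS),
    secret: isPublicKeyPem(SAMPLE_SECRET),
  }
}

// True when the anchored pattern misses the whitespace-prefixed key that the
// hardened pattern still recognises.
function anchoredMatcherMissesWhitespace() {
  return !ANCHORED_MATCHER.test(SAMPLE_PKCS1_WS) && PUBLIC_KEY_PEM.test(SAMPLE_PKCS1_WS)
}

// Returns true when the guard refuses HS256 for the given key.
function hmacRejectedFor(key) {
  try {
    assertAlgorithmMatchesKey('HS256', key)
    return false
  } catch (err) {
    return true
  }
}

console.log(classifyAll())
console.log('anchored matcher misses whitespace-prefixed key:', anchoredMatcherMissesWhitespace())
console.log('HS256 with whitespace-prefixed PKCS#1 public key rejected:', hmacRejectedFor(SAMPLE_PKCS1_WS))
console.log('HS256 with a real shared secret allowed:', !hmacRejectedFor(SAMPLE_SECRET))
console.log(verifierOptions(SAMPLE_SPKI))
```

Run it with `node`. The design point is the one the description makes: a verifier called without an explicit algorithm lets the token header choose HS256, so both the allowlist and the key-type check belong in the verifier's configuration, where the application controls them, rather than in anything read from the token.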
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nearform | fast-jwt | < 3.3.2 | 3.3.2 |
| nearform | fast-jwt | < 6.2.0 | 6.2.0 |
| nearform | fast-jwt | <= 6.1.0 | — |
| nearform | fast-jwt | >= 0 < 6.2.0 | 6.2.0 |
| nearform | fast-jwt | >= 0 < 3.3.2 | 3.3.2 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| ghsa | — | 5.9 | MEDIUM | — |
| osv | — | 5.9 | MEDIUM | — |
OSV · 2026-04-02 · CVSS 5.9
CVE-2026-34950 [MEDIUM] fast-jwt: Incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key
### Summary
The fix for GHSA-c2ff-88x2-x9pg (CVE-2023-48223) is incomplete. The `publicKeyPemMatcher` regex in `fast-jwt/src/crypto.js` uses a `^` anchor that is defeated by any leading whitespace in the key string, re-enabling the exact same JWT algorithm confusion attack that the CVE patched.
### Details
The fix for CVE-2023-48223 (https://github.com/nearform/fast-jwt/commit/15a6e92, v3.3.2) changed the public key matcher from a plain string used with `.includes()` to a regex used with `.match()`:
```javascript
// Before fix (vulnerable to original CVE)
const publicKeyPemMatcher = '-----BEGIN PUBLIC KEY-----'
// .includes() matched anywhere in the string — not vulnerable to whitespace
// After fix
```
GHSA · 2026-04-02 · CVSS 5.9
CVE-2026-34950 [MEDIUM] CWE-20 fast-jwt: Incomplete fix for CVE-2023-48223: JWT Algorithm Confusion via Whitespace-Prefixed RSA Public Key
OSV · 2023-11-20
CVE-2023-48223 [MEDIUM] JWT Algorithm Confusion
### Summary
The fast-jwt library does not properly prevent JWT algorithm confusion for all public key types.
### Details
The `publicKeyPemMatcher` in `fast-jwt/src/crypto.js` does not properly match all common PEM formats for public keys. To exploit this vulnerability, an attacker needs to craft a malicious JWT token containing the HS256 algorithm, signed with the public RSA key of the victim application. This attack will only work if the victim application utilizes a public key containing the `BEGIN RSA PUBLIC KEY` header.
### PoC
Take a server running the following code:
```javascript
const express = require('express');
const { createSigner, createVerifier } = require('fast-jwt')
const fs = require('fs');
const path = require('path');
const app = express();
co
```
GHSA · 2023-11-20
CVE-2023-48223 [MEDIUM] CWE-20 JWT Algorithm Confusion
No detection rules found.
No public exploits indexed.
References
- https://github.com/nearform/fast-jwt/blob/master/src/crypto.js#L29
- https://github.com/nearform/fast-jwt/releases/tag/v3.3.2
- https://github.com/nearform/fast-jwt/security/advisories/GHSA-c2ff-88x2-x9pg
Published: 2023-11-20