dwyl/hapi-auth-jwt2

Releases65

Frequency1 month 3 weeks

Last Release over 1 year ago

Stars796

:lock: Secure Hapi.js authentication plugin using JSON Web Tokens (JWT) in Headers, URL or Cookies

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2016-10525 ↗	May 29, 2018Tuesday, 29 May 2018, 20:29	—	7.5 HIGH
When attempting to allow authentication mode `try` in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication.