Professionally Evil Blog
A blog by experts of penetration testing and other security assessments.
What happened to CVE-2022-23529? And what can we learn from it?
If you saw the disclosure notice for the flaw CVE-2022-23529, it would have been presented as a remote code execution flaw (via JWT secret poisoning) in the `jwt.verify` method of a main Node.js package for working with JSON Web Tokens (JWTs). The package in question is Auth0’s node_jsonwebtoken ...
Most of the time, proxying the browser doesn’t present any sort of trouble. You should be able to ...
If you’ve done any significant amount of API development, there’s a good chance you’ve used ...