Vulnerability in JsonWebToken
Priority: ● High
Status: In Progress- Undergoing Analysis
First Published: 23 January 2023
Advisory Version: 1.0
This vulnerability has since been fixed in JsonWebToken version 9.0.0
Hitachi Vantara is currently investigating its product lines to determine if any are affected by this vulnerability. If any products or solutions are found to be impacted, they will be indicated in this section, in subsequent updates to this advisory, along with information regarding fixed release versions (if such information is available at the time.) Likewise, any products or solutions that have been confirmed not to be affected by the given vulnerability will be listed in the section below.
Products Confirmed Not Vulnerable
* As this is an ongoing investigation across all Hitachi Vantara product lines, please note that products may be reclassified as vulnerable as they continue to be evaluated for risk.
|Product||Notes / Fixed Release Version|
|Hitachi Remote Ops (HRO)||Not affected. Affected package is not used.|
|HCP for Cloud Scale||Not affected. The vulnerable library is not used in the product.|
Please continue to check this Security Advisory, as new information will be added to it as it becomes available.
If any of the information presented above remains unclear, please contact the Hitachi Vantara Global Support Center, or your Vantara-authorized service and support provider.
The information contained herein is for informational purposes only. It is not intended as a guaranty or warranty about Hitachi Vantara’s products, including any guaranty or warranty that any product cannot be exploited by third parties. All product warranties and obligations to a customer must be specified in a mutually acceptable and executed contract between the parties.