Vulnerability in JsonWebToken

Updated 10/04/2024 10:41:47 AM by hvuser

Priority: ● High

Status: In Progress - Undergoing Analysis

 

First Published: 23 January 2023

Advisory Version: 1.0

References: CVE-2022-23529

 

Summary

A vulnerability in the JsonWebToken open source JavaScript package was recently announced by Unit 42 of Palo Alto Networks. This vulnerability, which affects versions 8.5.1 and earlier, could allow an attacker to remotely execute code via a maliciously crafted JSON web token (JWT) request.

This vulnerability has since been fixed in JsonWebToken version 9.0.0.

Affected Products

Vulnerable Products

Hitachi Vantara is currently investigating its product lines to determine if any are affected by this vulnerability. If any products or solutions are found to be impacted, they will be indicated in this section in subsequent updates to this advisory, along with information regarding fixed release versions (if such information is available at the time). Likewise, any products or solutions that have been confirmed not to be affected by the given vulnerability will be listed in the section below.

 

Products Confirmed Not Vulnerable

* As this is an ongoing investigation across all Hitachi Vantara product lines, please note that products may be reclassified as vulnerable as they continue to be evaluated for risk.

| Product | Notes / Fixed Release Version |
|---|---|
| **Software Products** | |
| Hitachi Remote Ops (HRO) | Not affected. Affected package is not used. |
| **Content Products** | |
| HCP for Cloud Scale | Not affected. The vulnerable library is not used in the product. |

 

Recommended Actions

Please continue to check this Security Advisory, as new information will be added to it as it becomes available.

 

If any of the information presented above remains unclear, please contact the Hitachi Vantara Global Support Center, or your Vantara-authorized service and support provider.

The information contained herein is for informational purposes only. It is not intended as a guaranty or warranty about Hitachi Vantara’s products, including any guaranty or warranty that any product cannot be exploited by third parties. All product warranties and obligations to a customer must be specified in a mutually acceptable and executed contract between the parties.
