JsonWebToken vulnerability: No danger for NoSpamProxy customers
Currently, a security vulnerability exists in a widely used JsonWebToken library. Under certain conditions, attackers can distribute and execute malicious code remotely. There is no danger for NoSpamProxy customers.
The affected JsonWebToken library is used to create, sign and verify JSON web tokens. It is written in JavaScript and is used in around 22,000 software projects. Its 36 million downloads from the npm repository make the vulnerability particularly dangerous, because attackers can use a so-called supply chain attack to target countless applications that use the library. In this case, open source projects from IBM and Microsoft, among others, are vulnerable.
More information can be found on the GitHub page of the Okta Auth0 developers and at Palo Alto Networks Unit 42.