Rob Fellows created NIFI-15471:
----------------------------------
Summary: UI - Address dependabot detected issues in transitive dependency hono
Key: NIFI-15471
URL: https://issues.apache.org/jira/browse/NIFI-15471
Project: Apache NiFi
Issue Type: Task
Components: Core UI
Reporter: Rob Fellows
Assignee: Rob Fellows
[https://github.com/apache/nifi/security/dependabot/525]
[https://github.com/apache/nifi/security/dependabot/524]
*npm audit:*
hono <=4.11.3
Severity: high
Hono JWK Auth Middleware has JWT algorithm confusion when JWK lacks "alg" (untrusted header.alg fallback) - https://github.com/advisories/GHSA-3vhc-576x-3qv4
Hono JWT Middleware's JWT Algorithm Confusion via Unsafe Default (HS256) Allows Token Forgery and Auth Bypass - https://github.com/advisories/GHSA-f67f-6cw9-8mq4