Issue Summary
The backend has 2 high severity vulnerabilities identified by npm audit.
Vulnerability Details
1. jws (< 3.2.3)
- Severity: High
- Issue: auth0/node-jws Improperly Verifies HMAC Signature
- Advisory: GHSA-869p-cjfg-cm3x
- CVE: CVE-2025-65945
- Current Version: 3.2.2
- Fixed Version: 3.2.3, 4.0.1
2. qs (< 6.14.1)
- Severity: High
- Issue: qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion
- Advisory: GHSA-6rw7-vpxm-498p
- CVE: CVE-2025-15284
- Current Version: 6.14.0
- Fixed Version: 6.14.1
Steps to Reproduce
cd backend
npm audit
Impact
- jws vulnerability: Could allow attackers to bypass signature verification in JWT tokens
- qs vulnerability: Could lead to Denial of Service through memory exhaustion
Priority
High - These vulnerabilities affect authentication and application availability.
Environment
- Node.js backend
- Dependencies: jsonwebtoken (which uses jws), express (which uses qs)