Fix jsonwebtoken — CVE-2022-23543 HIGH

Fix CVE-2022-23543 (HIGH) in jsonwebtoken for Rust. Paste your Cargo.toml into PackageFix and get a patched version — no CLI, no signup. Algorithm confusion allowing none algorithm bypass.

⚠ Vulnerability

CVE-2022-23543 (HIGH) — algorithm confusion allowing none algorithm bypass in jsonwebtoken below 9.3.0.

Vulnerable — Cargo.toml

jsonwebtoken = "8.3.0"

Fixed — Cargo.toml

jsonwebtoken = "9.3.0"

✓ Fix

Update jsonwebtoken to 9.3.0 and run cargo update.


CVE Details

CVE ID: CVE-2022-23543
Severity: HIGH
Package: jsonwebtoken (Rust)
Safe version: 9.3.0
CISA KEV:
Description: Algorithm confusion allowing none algorithm bypass

Frequently Asked Questions

What is CVE-2022-23543?
CVE-2022-23543 is a HIGH severity vulnerability in jsonwebtoken (Rust): algorithm confusion that allows a none algorithm bypass. Update to 9.3.0 or later.

How do I fix CVE-2022-23543 in jsonwebtoken?
Update jsonwebtoken to version 9.3.0 in your Cargo.toml and run cargo update.

Is CVE-2022-23543 being actively exploited?
Check packagefix.dev — the CISA KEV catalog updates daily.

How do I verify the fix for CVE-2022-23543?
After updating, paste your Cargo.toml into PackageFix again. If CVE-2022-23543 no longer appears in the CVE table, the fix is applied.
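
The verification step can also be run locally against Cargo.lock, which records the versions Cargo actually resolved (including copies pulled in by other crates). The script below is an added example, not PackageFix or jsonwebtoken code; its function names and the sample lock file are constructed, and 9.3.0 is the safe version this page states.

```shell
#!/bin/sh
# Added example, not PackageFix or jsonwebtoken project code.
SAFE_VERSION="9.3.0"   # safe version as stated on this page

# Print the resolved version of every [[package]] entry named $2 in lock file $1.
locked_versions() {
    awk -v pkg="$2" '
        /^\[\[package\]\]/      { in_pkg = 1; name = ""; next }
        in_pkg && /^name = /    { gsub(/"/, "", $3); name = $3 }
        in_pkg && /^version = / { gsub(/"/, "", $3); if (name == pkg) print $3 }
    ' "$1"
}

# Succeed when version $1 is strictly lower than $2 (major.minor.patch only;
# pre-release and build suffixes are stripped before comparing).
version_lt() {
    awk -v a="${1%%[-+]*}" -v b="${2%%[-+]*}" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Report each resolved jsonwebtoken version; return 1 if any is below SAFE_VERSION.
check_lockfile() {
    rc=0
    for v in $(locked_versions "$1" jsonwebtoken); do
        if version_lt "$v" "$SAFE_VERSION"; then
            echo "VULNERABLE: jsonwebtoken $v is below $SAFE_VERSION"
            rc=1
        else
            echo "ok: jsonwebtoken $v"
        fi
    done
    return "$rc"
}

# Constructed sample: a lock file that still resolves an old copy next to the new one.
sample=$(mktemp)
printf '%s\n' 'version = 3' '' '[[package]]' 'name = "jsonwebtoken"' \
    'version = "8.3.0"' '' '[[package]]' 'name = "jsonwebtoken"' \
    'version = "9.3.0"' > "$sample"
check_lockfile "$sample" || echo "result: update needed"
rm -f "$sample"
```

To check a real project, call check_lockfile with the path to its Cargo.lock after running cargo update.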