Fix golang-jwt — CVE-2022-29217 HIGH
Fix CVE-2022-29217 (HIGH) in golang-jwt for Go. Paste your go.mod into PackageFix and get a patched version, with no CLI and no signup. The vulnerability is an algorithm confusion that allows a "none" algorithm bypass.
⚠ Vulnerability
CVE-2022-29217 (HIGH): algorithm confusion that allows a "none" algorithm bypass, in golang-jwt below v5.2.1.
Vulnerable — go.mod
github.com/golang-jwt/jwt v3.2.2+incompatible
Fixed — go.mod
github.com/golang-jwt/jwt/v5 v5.2.1
✓ Fix
Update golang-jwt to v5.2.1 and run go mod tidy.
CVE Details
| Field | Value |
|---|---|
| CVE ID | CVE-2022-29217 |
| Severity | HIGH |
| Package | golang-jwt (Go) |
| Safe version | v5.2.1 |
| CISA KEV | — |
| Description | Algorithm confusion allowing none algorithm bypass |
Frequently Asked Questions
What is CVE-2022-29217?
CVE-2022-29217 is a HIGH severity vulnerability in golang-jwt (Go): an algorithm confusion that allows a "none" algorithm bypass. Update to v5.2.1 or later.
How do I fix CVE-2022-29217 in golang-jwt?
Update golang-jwt to v5.2.1 in your go.mod and run go mod tidy.
Is CVE-2022-29217 being actively exploited?
Check packagefix.dev — the CISA KEV catalog updates daily.
How do I verify the fix for CVE-2022-29217?
After updating, paste your go.mod into PackageFix again. If CVE-2022-29217 no longer appears in the CVE table, the fix is applied.