firebase/php-jwt is vulnerable to validation bypass. The vulnerability exists in `decode` and `verify` functions in `JWT.php` because the token validations are not properly handled when multiple keys are loaded in a key ring which allows an attacker to bypass server-side validations.Read More