PYSEC-2022-259
Description

An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may, for example, enable the attacker to spoof other users’ identities, hijack their sessions, or bypass authentication.
