jwcrypto is vulnerable to authorization bypass. The vulnerability is due to JWT auto-detecting the token type; under certain circumstances, it’s possible to substitute a signed JWS token with a JWE token encrypted with the public key used for signature validation.Read More