Weak JWT Secrets
Description
github.com/IceWhaleTech/CasaOS is vulnerable to Weak JWT Secrets. The vulnerability exists because the `InitV1Router` function of `v1.go` and the `InitV2Router` function of `v2.go` do not properly validate JWTs, which allows an attacker to send maliciously crafted JWTs, access features that normally require authentication, and execute arbitrary commands as `root` on CasaOS instances.
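As a defensive illustration of the validation this class of bug is missing, the following added example (not CasaOS code, and not the project's fix) shows an HS256 check that refuses to operate with a guessable key. The names `Sign` and `Verify` are hypothetical, the sample secrets are constructed, and the 32-byte minimum follows RFC 7518 section 3.2; only the header algorithm and signature are checked, not claims such as `exp`.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

func mac(secret []byte, msg string) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(msg))
	return m.Sum(nil)
}

// Sign builds an HS256 token; used here only to construct sample tokens.
func Sign(secret []byte, claims string) string {
	msg := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(claims))
	return msg + "." + b64.EncodeToString(mac(secret, msg))
}

// Verify accepts a token only if the key is strong, alg is HS256 and the MAC matches.
func Verify(secret []byte, token string) error {
	if len(secret) < sha256.Size { // empty, default or short keys fail closed
		return errors.New("jwt secret shorter than 32 bytes")
	}
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return errors.New("malformed token")
	}
	var hdr struct{ Alg string `json:"alg"` }
	raw, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "HS256" {
		return errors.New("unexpected header or algorithm")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac(secret, parts[0]+"."+parts[1])) {
		return errors.New("signature mismatch")
	}
	return nil
}

func main() {
	weak := []byte("secret") // constructed sample of a guessable key
	fmt.Println(Verify(weak, Sign(weak, `{"sub":"sample"}`)))
}
```

In a real service the key would be generated from a cryptographically secure random source at install time, so that no two instances share it.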