JSON Web Token (JWT) Bypass
Description
json-web-token is vulnerable to a JSON Web Token (JWT) bypass. The vulnerability is due to an insecure mechanism used while verifying the signature of a JWT: the library blindly trusts the algorithm listed in the token, without further verification. An attacker can forge a token using the HS256 algorithm, resulting in an authentication…
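The mitigation for this class of flaw is to pin the algorithm in server configuration and treat the token header's `alg` as a value to check, never as a selector. The following is an added example, not code from json-web-token or from this advisory; `encode`, `verifyPinned`, the throwaway RSA key pair and the HMAC secret are all constructed for illustration.

```javascript
// Added example: verification that pins the algorithm instead of trusting the header.
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Signers for the two algorithms this example supports (used to build sample tokens).
const SIGN = {
  RS256: (data, key) => crypto.sign('sha256', Buffer.from(data), key),
  HS256: (data, key) => crypto.createHmac('sha256', key).update(data).digest(),
};

function encode(payload, key, alg) {
  const head = b64url(JSON.stringify({ alg, typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(SIGN[alg](`${head}.${body}`, key))}`;
}

// expectedAlg comes from server configuration, never from the token.
function verifyPinned(token, key, expectedAlg) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  let header;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // The header's alg is only compared against the pin; it never selects the verifier.
  if (!header || header.alg !== expectedAlg) return { ok: false, reason: 'alg mismatch' };
  const data = Buffer.from(`${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  let valid = false;
  if (expectedAlg === 'RS256') {
    valid = crypto.verify('sha256', data, key, given);
  } else if (expectedAlg === 'HS256') {
    const want = SIGN.HS256(data, key);
    valid = want.length === given.length && crypto.timingSafeEqual(want, given);
  } else {
    return { ok: false, reason: 'unsupported alg' };
  }
  if (!valid) return { ok: false, reason: 'bad signature' };
  return { ok: true, payload: JSON.parse(Buffer.from(body, 'base64url').toString('utf8')) };
}

// Constructed sample data: a throwaway RSA key pair and an arbitrary HMAC secret.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const goodToken = encode({ sub: 'alice' }, privateKey, 'RS256');
const hsToken = encode({ sub: 'admin' }, 'constructed-secret', 'HS256');
```

With the pin set to `RS256`, `verifyPinned(hsToken, publicKey, 'RS256')` returns `alg mismatch` before any key material is touched, while `goodToken` verifies normally.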