3scale's gateway usage of JWT does not properly handle verification of algorithm claims in the token header. An attacker could use this flaw to create a signed token with improper claims and thus to bypass security restrictions for the…
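The check this class of flaw calls for, as an added example (not 3scale's code and not taken from the advisory): a minimal HS256 verifier that takes the algorithm from server configuration and only compares the header's `alg` against it. The key, sample tokens and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

ALLOWED_ALG = "HS256"          # assumption: the verifier is configured for one algorithm
KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign_hs256(header: dict, claims: dict, key: bytes) -> str:
    """Build a token for the constructed samples below."""
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    mac = hmac.new(key, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(mac)])

def verify(token: str, key: bytes) -> dict:
    """Return the claims or raise ValueError. The header never selects the
    algorithm; its 'alg' value is only compared to the configured one."""
    try:
        h64, c64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        signature = b64url_decode(s64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != ALLOWED_ALG:
        raise ValueError("algorithm not allowed")
    expected = hmac.new(key, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(c64))

def accepted(token: str, key: bytes) -> bool:
    try:
        verify(token, key)
        return True
    except ValueError:
        return False

# Constructed sample tokens.
GOOD = sign_hs256({"alg": "HS256", "typ": "JWT"}, {"sub": "alice"}, KEY)
MISLABELLED = sign_hs256({"alg": "none"}, {"sub": "alice"}, KEY)  # header names another alg
UNSIGNED = MISLABELLED.rsplit(".", 1)[0] + "."                    # empty signature part
h, _, s = GOOD.split(".")
TAMPERED = ".".join([h, b64url_encode(b'{"sub":"admin"}'), s])    # claims swapped after signing
```

Only `GOOD` passes `verify`; the other three raise `ValueError` before any claim is trusted.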