jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token.
[
{
"product": "jwt-scala",
"vendor": "reallyl IO",
"versions": [
{
"status": "affected",
"version": "1.2.2 and earlier"
}
]
}
]