GHSA-QWPH-4952-7XR6 jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Overview In versions =8.5.1 of jsonwebtoken library, lack of algorithm definition and a falsy secret or key in the jwt.verify function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification. Am I affected? You will be affected if all the followi...