CVE-2019-7644
The CVE-2019-7644 entry concerns Auth0-WCF-Service-JWT prior to 1.0.4, where the service leaks the expected JWT signature in an error message when signature validation fails. This enables an attacker to forge arbitrary JWT tokens that the vulnerable application will accept, effectively bypassing ...