GHSA-VGRX-W6RG-8FQF Forgeable Public/Private Tokens in jwt-simple
Affected versions of the jwt-simple package allow users to select what algorithm the server will use to verify a provided JWT. A malicious actor can use this behaviour to arbitrarily modify the contents of a JWT while still passing verification. For the common use case of the JWT, the end result ...