PT-2026-52656
Name of the Vulnerable Software and Affected Versions Lemur versions prior to 1.9.0 Lemur version 1.9.0 Description The JWT verifier in the lemur/lemur/auth/service.py component trusts the alg header field from unverified tokens and passes it directly into the pyjwt.decode function via the...