PT-2025-11698 · Fast-Jwt · Fast-Jwt
Name of the Vulnerable Software and Affected Versions: fast-jwt versions prior to 5.0.6 Description: The fast-jwt library does not properly validate the iss claim based on the RFC 7519, allowing an array of strings as a valid iss value. This enables a potential attack where a malicious actor craf...