PYSEC-2026-252 acryl-datahub missing JWT signature check
Missing JWT signature check GHSL-2022-078 The StatelessTokenService of the DataHub metadata service GMS does not verify the signature of JWT tokens. This allows an attacker to connect to DataHub instances as any user if Metadata Service authentication is enabled. This vulnerability occurs because...