CVE-2020-15084
CVE-2020-15084 affects express-jwt up to version 5.3.3, where the algorithms configuration is not enforced when using jwks-rsa as the secret, potentially allowing authorization bypass. The issue is resolved in version 6.0.0; remediation is to explicitly configure allowed algorithms (e.g., RS256) ...