json-jwt is vulnerable to denial of service. The lack of element counts during a JWE string splitting can lead to an application crash when more than expected number of elements exists in the JWE string. This vulnerability could potentially allow for the bypass of the signature validation.