firebase/php-jwt is vulnerable to validation bypass. The vulnerability exists in decode
and verify
functions in JWT.php
because the token validations are not properly handled when multiple keys are loaded in a key ring which allows an attacker to bypass server-side validations.