github.com/square/go-jose is vulnerable to signature exploitation attacks. During the validation of a signed message, the API does not indicate whether the signature is valid or not. This may lead to confusion if another library assumes the signatures attached are the ones that were originally validated.