0.001 Low
EPSS
Percentile
41.0%
json-jwt is vulnerable to authentication bypasses. The library does not properly validate the GCM auth tag length, allowing a malicious user to require at most 256 attempts to forge a valid auth tag.
github.com/nov/json-jwt/pull/62