prime-jwt is vulnerable to validation bypasses. The library decodes JWTs that are not signed, which allows a malicious user to pass a JWT with a valid header that uses the "none" algorithm and bypass validation.
CPE

Name | Operator | Version |
---|---|---|
inversoft prime jwt | le | 1.3.0 |
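
The check that the description above calls for, as an added example (this is not prime-jwt's code or API): a minimal HS256 verifier in Python that rejects tokens with an empty or missing signature segment and any header algorithm outside an allowlist. The function names, the allowlist and the sample tokens are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

ALLOWED_ALGS = {"HS256"}  # assumption: the only algorithm this service issues


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(header: dict, claims: dict, key: bytes = b"") -> str:
    """Build a constructed sample token; a signature is added only for HS256."""
    signing_input = ".".join(
        b64url_encode(json.dumps(part).encode()) for part in (header, claims)
    )
    sig = b""
    if header.get("alg") == "HS256":
        sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify(token: str, key: bytes) -> dict:
    """Return the claims only if the token carries a valid HS256 signature."""
    parts = token.split(".")
    # A token without a non-empty third segment is unsigned: never decode it.
    if len(parts) != 3 or not parts[2]:
        raise ValueError("token is not signed")
    header = json.loads(b64url_decode(parts[0]))
    # The header is attacker-controlled; it may only pick from the allowlist.
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError("algorithm not allowed")
    signing_input = f"{parts[0]}.{parts[1]}".encode()
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(parts[1]))
```

The two rejections are independent on purpose: the first covers a token with no signature at all, the second covers a token whose header asks for "none" while still carrying bytes in the signature segment.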