0.001 Low
EPSS
Percentile
30.8%
jwt-scala is vulnerable to a signature verification bypass. A malicious user can pass a token that declares the cipher type to be NONE or any HS cipher type in the header to the system, passing it off as a correctly signed token.
NONE
HS
github.com/reallylabs/jwt-scala/commit/093a9891471608623c715abd08ab0c237489b05a
github.com/reallylabs/jwt-scala/pull/14