JsonWebToken open source library has a significant security flaw

The popular open source project JsonWebToken contained a very serious vulnerability that could allow remote threat actors to execute malicious code on affected endpoints.

A report from Palo Alto Networks’ cybersecurity arm, Unit 42, outlined how the flaw would allow the server to authenticate a maliciously crafted JSON web token (JWT) request, giving the attackers remote code execution (RCE) capabilities.