Inversoft · Prime-Jwt · CVE-2018-1000125
Name of the Vulnerable Software and Affected Versions:
inversoft prime-jwt versions prior to 1.3.0
Description:
The issue is an input validation vulnerability in the `JWTDecoder.decode` function. An attacker can craft a token with a valid header and body and submit it for validation; the JWT may then be decoded and implicitly validated even though it lacks a valid signature.
Recommendations:
For inversoft prime-jwt versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue.
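The class of flaw in the description, shown as an added Python illustration beside a strict decoder; this is not prime-jwt's code. It assumes the flaw has the shape "verify only when a signature segment is present", and the function names, key and tokens are constructed for the example.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(header: str, body: str, key: bytes) -> bytes:
    return hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, key: bytes) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{header}.{body}.{b64url(_mac(header, body, key))}"

def _check(parts: list, key: bytes) -> None:
    # Constant-time comparison of the expected and presented HMAC.
    if not hmac.compare_digest(_mac(parts[0], parts[1], key), b64url_decode(parts[2])):
        raise ValueError("signature mismatch")

def decode_flawed(token: str, key: bytes) -> dict:
    # Assumed flaw: the signature is checked only if the token carries one,
    # so a header.body token is returned as if it had been validated.
    parts = token.split(".")
    if len(parts) == 3:
        _check(parts, key)
    return json.loads(b64url_decode(parts[1]))

def decode_strict(token: str, key: bytes) -> dict:
    # A missing or empty signature segment is a hard failure, never a skip.
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        raise ValueError("signature segment missing")
    # The expected algorithm is pinned by the verifier, not taken from the token.
    if json.loads(b64url_decode(parts[0])).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    _check(parts, key)
    return json.loads(b64url_decode(parts[1]))

# Constructed sample data for the demonstration.
KEY = b"constructed-demo-key"
SIGNED = sign_hs256({"sub": "alice"}, KEY)
UNSIGNED = ".".join(SIGNED.split(".")[:2])
FORGED = ".".join([SIGNED.split(".")[0],
                   b64url(json.dumps({"sub": "admin"}).encode()),
                   SIGNED.split(".")[2]])
```

A regression test for any JWT decoder can follow the same pattern: a token with its signature segment removed must raise, not return claims.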