Inversoft · Prime-Jwt · CVE-2018-1000531
**Name of the Vulnerable Software and Affected Versions**
inversoft prime-jwt versions prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba
**Description**
The issue concerns an incorrect signature validation of a JWT token. An attacker can exploit this by crafting a JWT token with a valid header using 'none' as the algorithm and a body, then requesting it to be validated. This occurs due to a flaw in the `JWTDecoder.decode` function.
**Recommendations**
For inversoft prime-jwt versions prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba, update to a version that includes the fix (that commit or later). As a temporary workaround, inspect the token header before passing the token to `JWTDecoder.decode` and reject any token whose algorithm is set to 'none'.
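As an added Python illustration (not prime-jwt's own code, which is Java), the workaround above as a stand-alone check: `header_alg_is_allowed` inspects the header before a token would be handed to `JWTDecoder.decode`, rejecting 'none' in any spelling, and `verify_hs256` shows the hardened decode that pins the expected algorithm instead of trusting the header's `alg`. `make_token` and the demo key are constructed helpers so the example runs offline.

```python
import base64
import hashlib
import hmac
import json

def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def header_alg_is_allowed(token: str, allowed=("HS256",)) -> bool:
    """Workaround pre-check: the header must name an expected algorithm.
    'none' is rejected case-insensitively; the allowlist match is exact."""
    try:
        header = json.loads(_b64url_decode(token.split(".")[0]))
    except (ValueError, IndexError):
        return False
    alg = header.get("alg") if isinstance(header, dict) else None
    if not isinstance(alg, str) or alg.lower() == "none":
        return False
    return alg in allowed

def verify_hs256(token: str, key: bytes):
    """Hardened decode: the server pins HS256 instead of trusting header.alg.
    Returns the claims dict on success, None on any failure."""
    parts = token.split(".")
    if len(parts) != 3 or not header_alg_is_allowed(token, ("HS256",)):
        return None
    signing_input = f"{parts[0]}.{parts[1]}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    try:
        given = _b64url_decode(parts[2])
    except ValueError:
        return None
    if not hmac.compare_digest(expected, given):   # constant-time compare
        return None
    return json.loads(_b64url_decode(parts[1]))

def make_token(header: dict, claims: dict, key=None) -> str:
    """Constructed helper for the demo: with key=None it produces the unsigned
    'alg: none' shape (empty signature segment) that the advisory describes."""
    h = _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    if key is None:
        return f"{h}.{p}."
    sig = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    return f"{h}.{p}.{_b64url_encode(sig)}"
```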