CVE-2019-1010161

Name of the Vulnerable Software and Affected Versions: perl-CRYPT-JWT versions 0.022 and earlier

Description: The issue is related to incorrect access control, allowing bypass authentication. It affects the JWT.pm component for JWT security tokens, specifically in the decode jws() function at line 614. The attack vector involves network connectivity, where an attacker can craft user-controlled input to bypass authentication.

Recommendations: For versions 0.022 and earlier, update to version 0.023 to resolve the issue. As a temporary workaround, consider restricting access to the JWT.pm component or limiting network connectivity to minimize the risk of exploitation.