Name of the Vulnerable Software and Affected Versions jwt-simple versions prior to 0.5.3

Description The issue allows an attacker to bypass signature verification. If no algorithm is specified in the decode() function, the package uses the algorithm in the JWT to decode tokens. This enables an attacker to create a token with a symmetric algorithm (HS256) using the server's public key as a secret, which the package will incorrectly verify as an asymmetric algorithm (RS256).

Recommendations Upgrade to version 0.5.3 or later.