Unknown · Jupyterhub Oauthenticator · CVE-2023-25574
**Name of the Vulnerable Software and Affected Versions**
jupyterhub-ltiauthenticator versions 1.3.0 through 1.3.x
**Description**
The issue concerns the LTI13Authenticator in jupyterhub-ltiauthenticator, which failed to validate JWT signatures, potentially allowing forged requests to be authorized. This affects JupyterHub installations configured to use the LTI13Authenticator class.
**Recommendations**
For versions 1.3.0 through 1.3.x, update to version 1.4.0, which removes the LTI13Authenticator to address the issue.
As a temporary workaround, consider disabling the LTI13Authenticator class until the issue is resolved.
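One way to triage a hub against the affected range and the workaround above, as an added example that is not part of the advisory or the project's code. The function names, the sample config, and the dotted module path in it are assumptions made for illustration.

```python
import re
from importlib import metadata

DIST = "jupyterhub-ltiauthenticator"  # package name from the advisory
CLASS_NAME = "LTI13Authenticator"      # class named in the advisory


def is_affected(version):
    """True for 1.3.0 through 1.3.x; 1.4.0 removed the class."""
    m = re.match(r"(\d+)\.(\d+)", version or "")
    return bool(m) and (int(m.group(1)), int(m.group(2))) == (1, 3)


def config_uses_lti13(config_text):
    """True if a non-comment line of the config mentions LTI13Authenticator."""
    for line in config_text.splitlines():
        code = line.split("#", 1)[0]  # naive comment strip, enough for triage
        if CLASS_NAME in code:
            return True
    return False


def assess(version, config_text):
    """Combine the version check and the config check into one verdict."""
    if not is_affected(version):
        return "not affected"
    if config_uses_lti13(config_text):
        return "vulnerable: upgrade to 1.4.0 or disable LTI13Authenticator"
    return "affected version installed, LTI13Authenticator not configured"


def installed_version():
    """Version of the installed package, or None if it is not installed."""
    try:
        return metadata.version(DIST)
    except metadata.PackageNotFoundError:
        return None


# Constructed sample jupyterhub_config.py content; the module path is assumed.
SAMPLE_CONFIG = '''
c.JupyterHub.authenticator_class = "ltiauthenticator.lti13.auth.LTI13Authenticator"
'''

if __name__ == "__main__":
    print("installed:", installed_version())
    print("sample:", assess("1.3.0", SAMPLE_CONFIG))
```

Run it in the hub's Python environment and pass the real config file's text to `assess` together with `installed_version()`.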