Auth0 · Omniauth-Auth0 · CVE-2020-15240
**Name of the Vulnerable Software and Affected Versions**
omniauth-auth0 versions 2.3.0 through 2.4.0
**Description**
The issue is improper validation of the JWT signature in the `JWTValidator.verify` method, potentially allowing an attacker to bypass authentication and authorization. This affects users of `omniauth-auth0` who either call the `JWTValidator.verify` method directly or do not authenticate using the SDK's default Authorization Code Flow.
**Recommendations**
For omniauth-auth0 versions 2.3.0 through 2.4.0, upgrade to version 2.4.1 to resolve the issue. As a temporary workaround, consider avoiding the use of the `JWTValidator.verify` method directly and instead use the SDK's default Authorization Code Flow for authentication.
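As an added illustration (not code from omniauth-auth0 or Auth0, and not a reproduction of the gem's bug, whose exact details this advisory does not give), the following stand-alone Ruby verifier performs the checks that a JWT validator must not skip: the signature is verified with the algorithm pinned before any claim is read, then issuer, audience and expiry are checked, so a token altered after signing, presented without a signature, or signed with a different key is rejected. The issuer, audience and secret are constructed placeholders; HS256 with a shared secret is used only so the example runs offline.

```ruby
require 'json'
require 'openssl'
# Constructed placeholders, not real Auth0 tenant values.
ISSUER   = 'https://example-tenant.example.com/'
AUDIENCE = 'example-client-id'
SECRET   = 'constructed-client-secret'

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  padded = str.tr('-_', '+/')
  padded += '=' * ((4 - padded.length % 4) % 4)
  padded.unpack1('m0') # raises ArgumentError on malformed input
end

# Constant-time comparison so the signature check does not leak timing.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Mints an HS256 token; stands in for the identity provider in this example.
def sign_hs256(payload, secret)
  header = b64url_encode({ alg: 'HS256', typ: 'JWT' }.to_json)
  body   = b64url_encode(payload.to_json)
  sig    = OpenSSL::HMAC.digest('SHA256', secret, "#{header}.#{body}")
  "#{header}.#{body}.#{b64url_encode(sig)}"
end

# Returns the claims only after every check passes, otherwise nil. The signature
# is verified before any claim is trusted, and the algorithm is pinned here
# rather than taken from the token header (so "none" or a swapped alg fails).
def verify_hs256(token, secret, issuer:, audience:, now: Time.now.to_i)
  header_b64, body_b64, sig_b64 = token.split('.', 3)
  return nil if sig_b64.nil? || sig_b64.empty?
  header = JSON.parse(b64url_decode(header_b64))
  return nil unless header['alg'] == 'HS256'
  expected = OpenSSL::HMAC.digest('SHA256', secret, "#{header_b64}.#{body_b64}")
  return nil unless constant_time_equal?(expected, b64url_decode(sig_b64))
  claims = JSON.parse(b64url_decode(body_b64))
  return nil unless claims['iss'] == issuer
  return nil unless Array(claims['aud']).include?(audience)
  return nil unless claims['exp'].is_a?(Integer) && claims['exp'] > now
  claims
rescue JSON::ParserError, ArgumentError, TypeError, NoMethodError
  nil
end
```

Auth0 tenants commonly issue RS256-signed tokens verified against the tenant's published JWKS rather than a shared secret; the check order shown here (signature first, with the algorithm pinned, then claims) is the part that carries over.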