Javiermorales36

**Name of the Vulnerable Software and Affected Versions** python-jose versions through 3.3.0 **Description** The software accepts JWT tokens with 'alg=none' without cryptographic signature verification. This allows a malicious actor to create forged tokens with arbitrary claims, potentially bypassing authentication checks and leading to privilege escalation or unauthorized access. The API endpoint is not specified. The vulnerable parameter is the JWT token itself. The vulnerable function is the token validation process. **Recommendations** Versions prior to 3.3.1 should be updated.