DP3T · DP3T-Backend-SDK · CVE-2020-15957
**Name of the Vulnerable Software and Affected Versions**
DP3T-Backend-SDK versions prior to 1.1.1
**Description**
An issue was discovered in the DP3T-Backend-SDK. When it is configured to check a JWT before keys are uploaded or published, the signature check can be skipped by providing a JWT with `alg=none`.
**Recommendations**
For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue. As a temporary workaround, consider disabling the JWT check or restricting the use of the `alg=none` parameter until a patch is available.
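One way to restrict `alg=none` at the verifier, shown as an added example that is not code from the DP3T-Backend-SDK: a generic flawed check that lets the token header decide whether a signature is verified, beside a strict check that pins the algorithm. HS256, the key, the claim names and all function names are assumptions chosen so the example runs with the Python standard library only.

```python
import base64, hashlib, hmac, json

ALLOWED_ALGS = {"HS256"}  # assumption: the only algorithm this service issues

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a token (used here only to build constructed sample input)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(mac)}"

def verify_naive(token: str, key: bytes) -> dict:
    """Flawed pattern: the token's own header decides whether a check happens."""
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") == "HS256":
        expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))  # alg=none falls through unchecked

def verify_strict(token: str, key: bytes) -> dict:
    """Hardened: the verifier pins the algorithm and always checks the signature."""
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        raise ValueError("malformed or unsigned token")
    header_b64, body_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError("algorithm not allowed")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))

# Constructed sample inputs: a properly signed token and an unsigned alg=none one.
KEY = b"constructed-demo-key"
SIGNED = sign_hs256({"scope": "exposed"}, KEY)
UNSIGNED = ".".join([b64url_encode(b'{"alg":"none"}'), b64url_encode(b'{"scope":"exposed"}'), ""])
```

The same allow-list check belongs in regression tests for the upload and publish endpoints, so that an unsigned token is asserted to fail after the upgrade.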