Zimbatm

**Name of the Vulnerable Software and Affected Versions** golang-jwt versions prior to 4.5.2 golang-jwt versions prior to 5.2.2 **Description** The issue affects the `parse.ParseUnverified` function, which splits untrusted data on periods. This can lead to allocations of O(n) bytes when faced with a malicious request containing many period characters in the Authorization header. **Recommendations** For versions prior to 4.5.2, update to version 4.5.2 or later. For versions prior to 5.2.2, update to version 5.2.2 or later. As a temporary workaround, consider restricting the length of the Authorization header to prevent excessive allocations.