Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned.

Description: The issue concerns the decryption and verification of JsonWebEncryption objects with multiple recipients or JsonWebSignature objects with multiple signatures. The Decrypt and Verify methods do not specify which recipient or signature is valid, potentially leading to reliance on protected headers from an invalid recipient or signature.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.