PT-2024-22328 · Unknown · Yourspotify

Ragingcactus · Published 2024-03-13 · Updated 2024-03-14 · CVE-2024-28194

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: YourSpotify versions prior to 1.8.0

Description: The issue concerns the use of a hardcoded JSON Web Token (JWT) secret in authentication tokens. Because the signing secret is the same in every deployment, an attacker who knows it can forge valid authentication tokens for any user, bypassing authentication and potentially authenticating as an admin user.

Recommendations: For versions prior to 1.8.0, upgrade to version 1.8.0 to address the issue. As a temporary workaround, consider restricting access to sensitive features until the upgrade is applied.

Exploit

Fix

Weakness Enumeration

Using Hardcoded Credentials

Related Identifiers

CVE-2024-28194
GHSA-GVCR-G265-J827

Affected Products

Yourspotify