Name of the Vulnerable Software and Affected Versions: node-jsonwebtoken (affected versions not specified) pyjwt (affected versions not specified) namshi/jose (affected versions not specified) php-jwt (affected versions not specified) jsjwt (affected versions not specified)

Description: The issue affects several JSON Web Token (JWT) libraries, allowing attackers to bypass verification when using asymmetric keys such as RS256, RS384, RS512, ES256, ES384, and ES512.

Recommendations: For node-jsonwebtoken, update to a version that includes the fix for this issue. For pyjwt, update to a version that includes the fix for this issue. For namshi/jose, update to a version that includes the fix for this issue. For php-jwt, update to a version that includes the fix for this issue. For jsjwt, update to a version that includes the fix for this issue.