Name of the Vulnerable Software and Affected Versions node-jsonwebtoken (affected versions not specified) pyjwt (affected versions not specified) namshi/jose (affected versions not specified) php-jwt (affected versions not specified) jsjwt (affected versions not specified)

Description The issue affects several JSON Web Token (JWT) libraries, allowing attackers to bypass the verification step when using asymmetric keys, such as RS256, RS384, RS512, ES256, ES384, and ES512.

Recommendations For node-jsonwebtoken, update to a version that includes the fix for this issue. For pyjwt, update to a version that includes the fix for this issue. For namshi/jose, update to a version that includes the fix for this issue. For php-jwt, update to a version that includes the fix for this issue. For jsjwt, update to a version that includes the fix for this issue.