Name of the Vulnerable Software and Affected Versions namshi/jose (affected versions not specified)

Description The issue arises from the allowUnsecure flag, which permits tokens signed with 'none' algorithms to be processed when set to true. This behavior poses a significant security risk as it could allow an attacker to impersonate users by crafting a valid JWT token.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.