JsonWebToken open source library has a significant security flaw

The popular open source (opens in new tab) project JsonWebToken was carrying a high-severity vulnerability that allowed threat actors to execute malicious code on affected endpoints, remotely.

A report from Palo Alto Networks’ cybersecurity arm, Unit 42 outlined how the flaw would allow the server to verify a maliciously crafted JSON web token (JWT) request, thus granting the attackers remote code execution (RCE) abilities. 

Source: www.techradar.com