Signature Validation Bypass
Affecting json-jwt gem, versions <1.9.4
json-jwt is a JSON Web Token and its family (JSON Web Signature, JSON Web Encryption and JSON Web Key) in Ruby.
Affected versions of this package are vulnerable to Signature Validation Bypass. Due to Improper Verification of Cryptographic Signature, an attacker could forge an forge an authentication tag.
json-jwt to version 1.9.4 or higher.