Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance.
The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cjwt | Xmidt | 1.0.1 (including) | 2019-11-25 (excluding) |