JWE is missing AES-GCM authentication tag validation in encrypted JWE
JWEs can be modified to decrypt to an arbitrary value.
JWEs can be decrypted by observing parsing differences.
The GCM internal GHASH key can be recovered.
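As an added example (not code from the affected library), the sketch below shows the validation the title says is missing: tag and IV lengths are checked against RFC 7518 section 4.7 before decryption, and any authentication failure is a hard error. Assumptions: Ruby with its standard openssl library, a compact-serialized JWE with alg=dir and enc=A256GCM, and hypothetical helper names.

```ruby
require 'openssl'

# Added example (not the affected library's code). Handles only the
# assumed case alg=dir, enc=A256GCM in JWE compact serialization.
class InvalidJWE < StandardError; end

GCM_TAG_BYTES = 16 # RFC 7518 section 4.7: 128-bit authentication tag
GCM_IV_BYTES  = 12 # RFC 7518 section 4.7: 96-bit IV

def b64url_encode(bin)
  [bin].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  (str.tr('-_', '+/') + '=' * ((4 - str.size % 4) % 4)).unpack1('m0')
rescue ArgumentError
  raise InvalidJWE, 'malformed base64url segment'
end

# Builds a constructed sample token so the decrypt path can be exercised.
def encrypt_dir_a256gcm(plaintext, key, iv)
  header = b64url_encode('{"alg":"dir","enc":"A256GCM"}')
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  c.iv = iv
  c.auth_data = header # AAD is the ASCII of the encoded protected header
  ct = c.update(plaintext) + c.final
  [header, '', b64url_encode(iv), b64url_encode(ct), b64url_encode(c.auth_tag)].join('.')
end

def decrypt_dir_a256gcm(token, key)
  parts = token.split('.', -1)
  raise InvalidJWE, 'expected five segments' unless parts.size == 5
  header, _cek, iv, ct, tag = parts
  iv, ct, tag = [iv, ct, tag].map { |s| b64url_decode(s) }
  # Reject short or long tags and IVs before the cipher ever sees them.
  raise InvalidJWE, 'bad tag length' unless tag.bytesize == GCM_TAG_BYTES
  raise InvalidJWE, 'bad IV length' unless iv.bytesize == GCM_IV_BYTES
  raise InvalidJWE, 'empty ciphertext' if ct.empty? # Cipher#update rejects ""
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = key
  d.iv = iv
  d.auth_tag = tag
  d.auth_data = header
  d.update(ct) + d.final # final raises if the tag does not verify
rescue OpenSSL::Cipher::CipherError
  raise InvalidJWE, 'authentication failed'
end
```

The explicit length check matters because an AEAD API may accept a tag shorter than 16 bytes if the caller hands it one, which weakens authentication to the length supplied.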