Improper Verification of Cryptographic Signature
Portofino is an open source web development framework. Portofino before version 5.2.1 does not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.