GMS-2015-4: JWT Verification bypass with "none" algorithm
It is possible for an attacker to create his own signed token with any payload he wants and have it considered valid using the “none” algorithm.
References
Detect and mitigate GMS-2015-4 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →