Authentication bypass
The library does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token.
The library does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token.