Improper Verification of Cryptographic Signature
ServiceStack mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature.
Advisories for Nuget/ServiceStack package
2020
2019
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ServiceStack ServiceStack Framework The fixed version is: