Since "algorithm" isn't enforced in jwt.decode()in jwt-simple 0.3.0 and earlier, a malicious user could choose what algorithm is sent sent to the server. If the server is expecting RSA but is sent HMAC-SHA with RSA's public key, the server will think the public key is actually an HMAC private key. This could be used to forge any data an attacker wants.
{
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "0.3.0"
}
],
"cpe": "cpe:2.3:a:jwt-simple_project:jwt-simple:*:*:*:*:*:node.js:*:*"
}