An attacker could crash the server by sending malformed JWT JSON in
LoginPacket due to a security vulnerability in
netresearch/jsonmapper, due to accepting
NULL values in arrays whose types do not expect
This problem was fixed in 5.3.1 and 4.23.1 by updating JsonMapper to include the following commit: pmmp/netresearch-jsonmapper@4f90e8dab1c9df331fad7d3d89823404e882668c
A plugin may handle
LoginPacket and check that none of the input arrays contain
NULL where it's not expected, but this is rather cumbersome.